Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-48917 (GCVE-0-2022-48917)
Vulnerability from cvelistv5 – Published: 2024-08-22 01:32 – Updated: 2025-05-10 14:08
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-05-10T14:08:16.032Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48917",
"datePublished": "2024-08-22T01:32:20.608Z",
"dateRejected": "2025-05-10T14:08:16.032Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2025-05-10T14:08:16.032Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.9.300\", \"versionEndExcluding\": \"4.9.305\", \"matchCriteriaId\": \"7078F5FD-8C44-4848-8434-373F11E2437F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.14.265\", \"versionEndExcluding\": \"4.14.270\", \"matchCriteriaId\": \"EE350A5A-C35A-4391-8BF5-BD86BA58F692\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.19.228\", \"versionEndExcluding\": \"4.19.233\", \"matchCriteriaId\": \"CAD48EEC-226F-4CEE-B62A-4C2E080C07DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.178\", \"versionEndExcluding\": \"5.4.183\", \"matchCriteriaId\": \"BFA7B940-F1DA-4FFA-B8CF-2207C6B13588\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.10.99\", \"versionEndExcluding\": \"5.10.104\", \"matchCriteriaId\": \"EB68B618-D9A9-4D08-825F-95066EBB07B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.15.22\", \"versionEndExcluding\": \"5.15.27\", \"matchCriteriaId\": \"9274DE9A-1466-4660-ABE0-FCE84DFE75E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16.8\", \"versionEndExcluding\": \"5.16.13\", \"matchCriteriaId\": \"EDE53E28-A078-4F10-B3B9-EE8482DCFEC7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min\\n\\nWhile the $val/$val2 values passed in from userspace are always \u003e= 0\\nintegers, the limits of the control can be signed integers and the $min\\ncan be non-zero and less than zero. To correctly validate $val/$val2\\nagainst platform_max, add the $min offset to val first.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Shift valores probados en snd_soc_put_volsw() por +min Mientras que los valores $val/$val2 pasados desde el espacio de usuario son siempre \u0026gt;= 0 enteros, los l\\u00edmites del control pueden ser n\\u00fameros enteros con signo y $min puede ser distinto de cero y menor que cero. Para validar correctamente $val/$val2 contra platform_max, primero agregue el desplazamiento $min a val.\"}]",
"id": "CVE-2022-48917",
"lastModified": "2024-09-12T13:07:29.723",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-08-22T02:15:05.853",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48917\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-22T02:15:05.853\",\"lastModified\":\"2025-05-10T15:15:50.627\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}],\"metrics\":{},\"references\":[]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-10T14:08:16.032Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-48917\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"state\": \"REJECTED\", \"assignerShortName\": \"Linux\", \"dateReserved\": \"2024-08-21T06:06:23.295Z\", \"datePublished\": \"2024-08-22T01:32:20.608Z\", \"dateUpdated\": \"2025-05-10T14:08:16.032Z\", \"dateRejected\": \"2025-05-10T14:08:16.032Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0840
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | Legacy Module 15-SP5 | ||
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 | ||
| SUSE | N/A | SUSE Manager Proxy 4.1 | ||
| SUSE | N/A | Basesystem Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP5 | ||
| SUSE | N/A | Development Tools Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Legacy Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-27016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27016"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2022-48686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48686"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35945"
},
{
"name": "CVE-2024-35971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35971"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-36936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36936"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2022-48808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48808"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2021-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47546"
},
{
"name": "CVE-2022-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48791"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2021-47106",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47106"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2022-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48645"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48881"
},
{
"name": "CVE-2022-48882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48882"
},
{
"name": "CVE-2022-48883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48883"
},
{
"name": "CVE-2022-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48884"
},
{
"name": "CVE-2022-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48885"
},
{
"name": "CVE-2022-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48886"
},
{
"name": "CVE-2022-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48887"
},
{
"name": "CVE-2022-48888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48888"
},
{
"name": "CVE-2022-48889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48889"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48906"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48939",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48939"
},
{
"name": "CVE-2022-48940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48940"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52899"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52904"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52906"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52908"
},
{
"name": "CVE-2023-52909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52909"
},
{
"name": "CVE-2023-52910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52910"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2023-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52912"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0840",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3467-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1"
},
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3499-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243499-1"
},
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3483-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243483-1"
},
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3468-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243468-1"
}
]
}
CERTFR-2024-AVI-0800
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12 SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2022-48786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48786"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2022-48837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48837"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2022-48851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48851"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2024-35933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35933"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48857"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2022-48798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48798"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2023-52708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52708"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2022-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48791"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48823"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2021-47425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47425"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2021-47373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47373"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2021-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4440"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2022-48769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48769"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2022-48856",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48856"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2022-48778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48778"
},
{
"name": "CVE-2022-48836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48836"
},
{
"name": "CVE-2021-47549",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47549"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2022-48775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48775"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2022-48858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48858"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2022-48843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48843"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2022-48838",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48838"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-35915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35915"
},
{
"name": "CVE-2022-48787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48787"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-48822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48822"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2021-47289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47289"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2022-48811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48811"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2022-48834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48834"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48827"
},
{
"name": "CVE-2022-48686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48686"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2022-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48933"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2022-48751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48751"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2021-47341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47341"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2022-48662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48662"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2021-47257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47257"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2022-48835",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48835"
},
{
"name": "CVE-2022-48824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48824"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0800",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3320-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243320-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3347-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243347-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3322-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243322-1"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3249-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243249-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3334-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243334-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3318-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243318-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3321-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243321-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3319-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243319-1"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3251-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243251-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3348-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243348-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3337-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243337-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3338-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243338-1"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3252-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243252-1"
},
{
"published_at": "2024-09-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3350-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243350-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3304-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243304-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3336-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243336-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3349-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243349-1"
}
]
}
CERTFR-2024-AVI-0779
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 12 SP5 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26590"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26920"
},
{
"name": "CVE-2024-27016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27016"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2021-47289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47289"
},
{
"name": "CVE-2021-47341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47341"
},
{
"name": "CVE-2021-47373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47373"
},
{
"name": "CVE-2021-47425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47425"
},
{
"name": "CVE-2021-47549",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47549"
},
{
"name": "CVE-2023-52708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52708"
},
{
"name": "CVE-2023-52756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52756"
},
{
"name": "CVE-2023-52766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
},
{
"name": "CVE-2023-52800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35915"
},
{
"name": "CVE-2024-35933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35933"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35945"
},
{
"name": "CVE-2024-35971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35971"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-36936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36936"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-26944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26944"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2024-27050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27050"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2024-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27433"
},
{
"name": "CVE-2022-48751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48751"
},
{
"name": "CVE-2022-48769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48769"
},
{
"name": "CVE-2023-52735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52735"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26691"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-35913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35913"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-39488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39488"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-39493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39493"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2022-48808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48808"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2024-36909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36909"
},
{
"name": "CVE-2024-36910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36910"
},
{
"name": "CVE-2024-36911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36911"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2024-38563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38563"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2021-47257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47257"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2021-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47546"
},
{
"name": "CVE-2022-48775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48775"
},
{
"name": "CVE-2022-48778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48778"
},
{
"name": "CVE-2022-48786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48786"
},
{
"name": "CVE-2022-48787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48787"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2022-48798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48798"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2022-48811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48811"
},
{
"name": "CVE-2022-48822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48822"
},
{
"name": "CVE-2022-48823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48823"
},
{
"name": "CVE-2022-48824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48824"
},
{
"name": "CVE-2022-48827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48827"
},
{
"name": "CVE-2022-48834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48834"
},
{
"name": "CVE-2022-48835",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48835"
},
{
"name": "CVE-2022-48836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48836"
},
{
"name": "CVE-2022-48837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48837"
},
{
"name": "CVE-2022-48838",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48838"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2022-48843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48843"
},
{
"name": "CVE-2022-48851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48851"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2022-48856",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48856"
},
{
"name": "CVE-2022-48857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48857"
},
{
"name": "CVE-2022-48858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48858"
},
{
"name": "CVE-2023-52886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52886"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-39508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40982"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41048"
},
{
"name": "CVE-2024-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41057"
},
{
"name": "CVE-2024-41058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41058"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41071"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-39483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39483"
},
{
"name": "CVE-2024-39491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39491"
},
{
"name": "CVE-2024-40922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40922"
},
{
"name": "CVE-2024-40926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40926"
},
{
"name": "CVE-2024-40930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40930"
},
{
"name": "CVE-2024-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40944"
},
{
"name": "CVE-2024-40962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40962"
},
{
"name": "CVE-2024-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40964"
},
{
"name": "CVE-2024-40992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40992"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42109"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-42270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42270"
},
{
"name": "CVE-2021-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4440"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2021-47106",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47106"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2022-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48645"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48881"
},
{
"name": "CVE-2022-48882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48882"
},
{
"name": "CVE-2022-48883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48883"
},
{
"name": "CVE-2022-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48884"
},
{
"name": "CVE-2022-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48885"
},
{
"name": "CVE-2022-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48886"
},
{
"name": "CVE-2022-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48887"
},
{
"name": "CVE-2022-48888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48888"
},
{
"name": "CVE-2022-48889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48889"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48906"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48933"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48935"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48939",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48939"
},
{
"name": "CVE-2022-48940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48940"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52668"
},
{
"name": "CVE-2023-52688",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52688"
},
{
"name": "CVE-2023-52802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52802"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52899"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52904"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52906"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52908"
},
{
"name": "CVE-2023-52909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52909"
},
{
"name": "CVE-2023-52910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52910"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2023-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52912"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-26637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26637"
},
{
"name": "CVE-2024-26682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26682"
},
{
"name": "CVE-2024-26683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26683"
},
{
"name": "CVE-2024-26849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26849"
},
{
"name": "CVE-2024-36907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36907"
},
{
"name": "CVE-2024-36970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36970"
},
{
"name": "CVE-2024-38609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38609"
},
{
"name": "CVE-2024-39486",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39486"
},
{
"name": "CVE-2024-41010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41010"
},
{
"name": "CVE-2024-41024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41024"
},
{
"name": "CVE-2024-41025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41025"
},
{
"name": "CVE-2024-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41028"
},
{
"name": "CVE-2024-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41032"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41037"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2024-41051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41051"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41061"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41084"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41094"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42064"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42073"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42113"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42117"
},
{
"name": "CVE-2024-42125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42125"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42132"
},
{
"name": "CVE-2024-42133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42133"
},
{
"name": "CVE-2024-42136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42136"
},
{
"name": "CVE-2024-42138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42138"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42141"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42144"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2024-42227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42227"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42241"
},
{
"name": "CVE-2024-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42245"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42250"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42269"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42278"
},
{
"name": "CVE-2024-42279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42279"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42290"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42298"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42303"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43817"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
},
{
"name": "CVE-2024-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43825"
},
{
"name": "CVE-2024-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43826"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43840"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43847"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43850"
},
{
"name": "CVE-2024-43851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43851"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43855"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43864"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43874"
},
{
"name": "CVE-2024-43875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43875"
},
{
"name": "CVE-2024-43876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43876"
},
{
"name": "CVE-2024-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43877"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43881"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43885"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43897"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43906"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0779",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3189-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3195-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3190-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243190-1"
},
{
"published_at": "2024-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3225-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243225-1"
},
{
"published_at": "2024-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3227-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243227-1"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3209-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243209-1"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3194-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243194-1"
}
]
}
CERTFR-2024-AVI-0822
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | Basesystem Module | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | Development Tools Module 15-SP6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "Basesystem Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-26622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26622"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26590"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26920"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2022-48662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48662"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2023-52772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52772"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-26944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26944"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2024-27050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27050"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2024-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27433"
},
{
"name": "CVE-2023-52735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52735"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26691"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-35913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35913"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-39488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39488"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-39493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39493"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2024-36909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36909"
},
{
"name": "CVE-2024-36910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36910"
},
{
"name": "CVE-2024-36911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36911"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2024-38563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38563"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2023-52886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52886"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-39508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40982"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41048"
},
{
"name": "CVE-2024-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41057"
},
{
"name": "CVE-2024-41058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41058"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41071"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-39483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39483"
},
{
"name": "CVE-2024-39491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39491"
},
{
"name": "CVE-2024-40922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40922"
},
{
"name": "CVE-2024-40926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40926"
},
{
"name": "CVE-2024-40930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40930"
},
{
"name": "CVE-2024-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40944"
},
{
"name": "CVE-2024-40962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40962"
},
{
"name": "CVE-2024-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40964"
},
{
"name": "CVE-2024-40992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40992"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42109"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-42270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42270"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48935"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52668"
},
{
"name": "CVE-2023-52688",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52688"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2024-26637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26637"
},
{
"name": "CVE-2024-26682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26682"
},
{
"name": "CVE-2024-26683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26683"
},
{
"name": "CVE-2024-26849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26849"
},
{
"name": "CVE-2024-36907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36907"
},
{
"name": "CVE-2024-36970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36970"
},
{
"name": "CVE-2024-38609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38609"
},
{
"name": "CVE-2024-39486",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39486"
},
{
"name": "CVE-2024-41010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41010"
},
{
"name": "CVE-2024-41024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41024"
},
{
"name": "CVE-2024-41025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41025"
},
{
"name": "CVE-2024-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41028"
},
{
"name": "CVE-2024-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41032"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41037"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2024-41051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41051"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41061"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41084"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41094"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42064"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42073"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42113"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42117"
},
{
"name": "CVE-2024-42125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42125"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42132"
},
{
"name": "CVE-2024-42133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42133"
},
{
"name": "CVE-2024-42136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42136"
},
{
"name": "CVE-2024-42138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42138"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42141"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42144"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2024-42227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42227"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42241"
},
{
"name": "CVE-2024-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42245"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42250"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42269"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42278"
},
{
"name": "CVE-2024-42279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42279"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42290"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42298"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42303"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43817"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
},
{
"name": "CVE-2024-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43825"
},
{
"name": "CVE-2024-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43826"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43840"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43847"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43850"
},
{
"name": "CVE-2024-43851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43851"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43855"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43864"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43874"
},
{
"name": "CVE-2024-43875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43875"
},
{
"name": "CVE-2024-43876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43876"
},
{
"name": "CVE-2024-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43877"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43881"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43885"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43897"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43906"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0822",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3398-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243398-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3399-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243399-1"
},
{
"published_at": "2024-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3425-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243425-1"
},
{
"published_at": "2024-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3408-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243408-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3370-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243370-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3403-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243403-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3387-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243387-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3379-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243379-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3368-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243368-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3363-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243363-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3405-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243405-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3365-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243365-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3361-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243361-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3383-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243383-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3395-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243395-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3375-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243375-1"
}
]
}
CERTFR-2024-AVI-0800
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12 SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2022-48786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48786"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2022-48837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48837"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2022-48851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48851"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2024-35933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35933"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48857"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2022-48798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48798"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2023-52708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52708"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2022-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48791"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48823"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2021-47425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47425"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2021-47373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47373"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2021-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4440"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2022-48769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48769"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2022-48856",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48856"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2022-48778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48778"
},
{
"name": "CVE-2022-48836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48836"
},
{
"name": "CVE-2021-47549",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47549"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2022-48775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48775"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2022-48858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48858"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2022-48843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48843"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2022-48838",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48838"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-35915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35915"
},
{
"name": "CVE-2022-48787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48787"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-48822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48822"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2021-47289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47289"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2022-48811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48811"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2022-48834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48834"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48827"
},
{
"name": "CVE-2022-48686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48686"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2022-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48933"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2022-48751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48751"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2021-47341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47341"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2022-48662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48662"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2021-47257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47257"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2022-48835",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48835"
},
{
"name": "CVE-2022-48824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48824"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0800",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3320-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243320-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3347-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243347-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3322-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243322-1"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3249-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243249-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3334-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243334-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3318-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243318-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3321-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243321-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3319-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243319-1"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3251-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243251-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3348-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243348-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3337-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243337-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3338-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243338-1"
},
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3252-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243252-1"
},
{
"published_at": "2024-09-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3350-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243350-1"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3304-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243304-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3336-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243336-1"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3349-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243349-1"
}
]
}
CERTFR-2024-AVI-0779
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 12 SP5 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26590"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26920"
},
{
"name": "CVE-2024-27016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27016"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2021-47289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47289"
},
{
"name": "CVE-2021-47341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47341"
},
{
"name": "CVE-2021-47373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47373"
},
{
"name": "CVE-2021-47425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47425"
},
{
"name": "CVE-2021-47549",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47549"
},
{
"name": "CVE-2023-52708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52708"
},
{
"name": "CVE-2023-52756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52756"
},
{
"name": "CVE-2023-52766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
},
{
"name": "CVE-2023-52800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35915"
},
{
"name": "CVE-2024-35933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35933"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35945"
},
{
"name": "CVE-2024-35971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35971"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-36936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36936"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-26944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26944"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2024-27050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27050"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2024-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27433"
},
{
"name": "CVE-2022-48751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48751"
},
{
"name": "CVE-2022-48769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48769"
},
{
"name": "CVE-2023-52735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52735"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26691"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-35913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35913"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-39488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39488"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-39493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39493"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2022-48808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48808"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2024-36909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36909"
},
{
"name": "CVE-2024-36910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36910"
},
{
"name": "CVE-2024-36911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36911"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2024-38563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38563"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2021-47257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47257"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2021-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47546"
},
{
"name": "CVE-2022-48775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48775"
},
{
"name": "CVE-2022-48778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48778"
},
{
"name": "CVE-2022-48786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48786"
},
{
"name": "CVE-2022-48787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48787"
},
{
"name": "CVE-2022-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48788"
},
{
"name": "CVE-2022-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48789"
},
{
"name": "CVE-2022-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48790"
},
{
"name": "CVE-2022-48798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48798"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2022-48811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48811"
},
{
"name": "CVE-2022-48822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48822"
},
{
"name": "CVE-2022-48823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48823"
},
{
"name": "CVE-2022-48824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48824"
},
{
"name": "CVE-2022-48827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48827"
},
{
"name": "CVE-2022-48834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48834"
},
{
"name": "CVE-2022-48835",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48835"
},
{
"name": "CVE-2022-48836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48836"
},
{
"name": "CVE-2022-48837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48837"
},
{
"name": "CVE-2022-48838",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48838"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2022-48843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48843"
},
{
"name": "CVE-2022-48851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48851"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2022-48856",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48856"
},
{
"name": "CVE-2022-48857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48857"
},
{
"name": "CVE-2022-48858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48858"
},
{
"name": "CVE-2023-52886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52886"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-39508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40982"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41048"
},
{
"name": "CVE-2024-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41057"
},
{
"name": "CVE-2024-41058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41058"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41071"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-39483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39483"
},
{
"name": "CVE-2024-39491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39491"
},
{
"name": "CVE-2024-40922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40922"
},
{
"name": "CVE-2024-40926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40926"
},
{
"name": "CVE-2024-40930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40930"
},
{
"name": "CVE-2024-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40944"
},
{
"name": "CVE-2024-40962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40962"
},
{
"name": "CVE-2024-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40964"
},
{
"name": "CVE-2024-40992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40992"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42109"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-42270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42270"
},
{
"name": "CVE-2021-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4440"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2021-47106",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47106"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2022-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48645"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48881"
},
{
"name": "CVE-2022-48882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48882"
},
{
"name": "CVE-2022-48883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48883"
},
{
"name": "CVE-2022-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48884"
},
{
"name": "CVE-2022-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48885"
},
{
"name": "CVE-2022-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48886"
},
{
"name": "CVE-2022-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48887"
},
{
"name": "CVE-2022-48888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48888"
},
{
"name": "CVE-2022-48889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48889"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48906"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48933"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48935"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48939",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48939"
},
{
"name": "CVE-2022-48940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48940"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52668"
},
{
"name": "CVE-2023-52688",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52688"
},
{
"name": "CVE-2023-52802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52802"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52899"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52904"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52906"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52908"
},
{
"name": "CVE-2023-52909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52909"
},
{
"name": "CVE-2023-52910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52910"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2023-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52912"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-26637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26637"
},
{
"name": "CVE-2024-26682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26682"
},
{
"name": "CVE-2024-26683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26683"
},
{
"name": "CVE-2024-26849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26849"
},
{
"name": "CVE-2024-36907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36907"
},
{
"name": "CVE-2024-36970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36970"
},
{
"name": "CVE-2024-38609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38609"
},
{
"name": "CVE-2024-39486",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39486"
},
{
"name": "CVE-2024-41010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41010"
},
{
"name": "CVE-2024-41024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41024"
},
{
"name": "CVE-2024-41025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41025"
},
{
"name": "CVE-2024-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41028"
},
{
"name": "CVE-2024-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41032"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41037"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2024-41051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41051"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41061"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41084"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41094"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42064"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42073"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42113"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42117"
},
{
"name": "CVE-2024-42125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42125"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42132"
},
{
"name": "CVE-2024-42133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42133"
},
{
"name": "CVE-2024-42136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42136"
},
{
"name": "CVE-2024-42138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42138"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42141"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42144"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2024-42227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42227"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42241"
},
{
"name": "CVE-2024-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42245"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42250"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42269"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42278"
},
{
"name": "CVE-2024-42279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42279"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42290"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42298"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42303"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43817"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
},
{
"name": "CVE-2024-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43825"
},
{
"name": "CVE-2024-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43826"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43840"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43847"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43850"
},
{
"name": "CVE-2024-43851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43851"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43855"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43864"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43874"
},
{
"name": "CVE-2024-43875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43875"
},
{
"name": "CVE-2024-43876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43876"
},
{
"name": "CVE-2024-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43877"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43881"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43885"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43897"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43906"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0779",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3189-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243189-1"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3195-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243195-1"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3190-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243190-1"
},
{
"published_at": "2024-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3225-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243225-1"
},
{
"published_at": "2024-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3227-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243227-1"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3209-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243209-1"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3194-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243194-1"
}
]
}
CERTFR-2024-AVI-0840
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | Legacy Module 15-SP5 | ||
| SUSE | N/A | openSUSE Leap Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 | ||
| SUSE | N/A | SUSE Manager Proxy 4.1 | ||
| SUSE | N/A | Basesystem Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP5 | ||
| SUSE | N/A | Development Tools Module 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Legacy Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2023-52498",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52498"
},
{
"name": "CVE-2024-27016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27016"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2022-48686",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48686"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2023-52854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
},
{
"name": "CVE-2024-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35945"
},
{
"name": "CVE-2024-35971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35971"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-36936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36936"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2022-48808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48808"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2021-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47546"
},
{
"name": "CVE-2022-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48791"
},
{
"name": "CVE-2022-48802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48802"
},
{
"name": "CVE-2022-48805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48805"
},
{
"name": "CVE-2022-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48839"
},
{
"name": "CVE-2022-48853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48853"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2021-47106",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47106"
},
{
"name": "CVE-2021-47517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47517"
},
{
"name": "CVE-2022-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48645"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2022-48865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48865"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48881"
},
{
"name": "CVE-2022-48882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48882"
},
{
"name": "CVE-2022-48883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48883"
},
{
"name": "CVE-2022-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48884"
},
{
"name": "CVE-2022-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48885"
},
{
"name": "CVE-2022-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48886"
},
{
"name": "CVE-2022-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48887"
},
{
"name": "CVE-2022-48888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48888"
},
{
"name": "CVE-2022-48889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48889"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48901"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48906"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48910"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48920"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48939",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48939"
},
{
"name": "CVE-2022-48940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48940"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52899"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52904"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52906"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52908"
},
{
"name": "CVE-2023-52909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52909"
},
{
"name": "CVE-2023-52910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52910"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2023-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52912"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0840",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3467-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1"
},
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3499-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243499-1"
},
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3483-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243483-1"
},
{
"published_at": "2024-09-27",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3468-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243468-1"
}
]
}
CERTFR-2024-AVI-0822
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | Basesystem Module | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | Development Tools Module 15-SP6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "Basesystem Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-26622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26622"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-26631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26631"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26590"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-26920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26920"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26668"
},
{
"name": "CVE-2024-26669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26669"
},
{
"name": "CVE-2022-48651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48651"
},
{
"name": "CVE-2022-48662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48662"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-35950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35950"
},
{
"name": "CVE-2023-52772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52772"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35897"
},
{
"name": "CVE-2024-35902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35902"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-26944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26944"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2024-27050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27050"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2024-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27433"
},
{
"name": "CVE-2023-52735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52735"
},
{
"name": "CVE-2023-52846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2024-26677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26677"
},
{
"name": "CVE-2024-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26691"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-27011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
},
{
"name": "CVE-2024-35913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35913"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-39488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39488"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-39493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39493"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2024-36909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36909"
},
{
"name": "CVE-2024-36910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36910"
},
{
"name": "CVE-2024-36911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36911"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2024-38563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38563"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2023-52886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52886"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-39508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
},
{
"name": "CVE-2024-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40909"
},
{
"name": "CVE-2024-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40982"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41048"
},
{
"name": "CVE-2024-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41057"
},
{
"name": "CVE-2024-41058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41058"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41071"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-39483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39483"
},
{
"name": "CVE-2024-39491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39491"
},
{
"name": "CVE-2024-40922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40922"
},
{
"name": "CVE-2024-40926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40926"
},
{
"name": "CVE-2024-40930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40930"
},
{
"name": "CVE-2024-40944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40944"
},
{
"name": "CVE-2024-40962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40962"
},
{
"name": "CVE-2024-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40964"
},
{
"name": "CVE-2024-40992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40992"
},
{
"name": "CVE-2024-40997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42109"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-42270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42270"
},
{
"name": "CVE-2021-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4441"
},
{
"name": "CVE-2022-48868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48868"
},
{
"name": "CVE-2022-48869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48869"
},
{
"name": "CVE-2022-48870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48870"
},
{
"name": "CVE-2022-48871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48871"
},
{
"name": "CVE-2022-48872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48872"
},
{
"name": "CVE-2022-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48873"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2022-48878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48878"
},
{
"name": "CVE-2022-48880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48880"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2022-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48891"
},
{
"name": "CVE-2022-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48896"
},
{
"name": "CVE-2022-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48898"
},
{
"name": "CVE-2022-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48899"
},
{
"name": "CVE-2022-48903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48903"
},
{
"name": "CVE-2022-48904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48904"
},
{
"name": "CVE-2022-48905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48905"
},
{
"name": "CVE-2022-48907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48907"
},
{
"name": "CVE-2022-48909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48909"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48913"
},
{
"name": "CVE-2022-48914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48914"
},
{
"name": "CVE-2022-48915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48915"
},
{
"name": "CVE-2022-48916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48916"
},
{
"name": "CVE-2022-48917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48917"
},
{
"name": "CVE-2022-48918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48918"
},
{
"name": "CVE-2022-48919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48919"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2022-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48924"
},
{
"name": "CVE-2022-48925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48925"
},
{
"name": "CVE-2022-48926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48926"
},
{
"name": "CVE-2022-48927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48927"
},
{
"name": "CVE-2022-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48928"
},
{
"name": "CVE-2022-48929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48929"
},
{
"name": "CVE-2022-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48930"
},
{
"name": "CVE-2022-48931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48931"
},
{
"name": "CVE-2022-48932",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48932"
},
{
"name": "CVE-2022-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48934"
},
{
"name": "CVE-2022-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48935"
},
{
"name": "CVE-2022-48937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48937"
},
{
"name": "CVE-2022-48938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48938"
},
{
"name": "CVE-2022-48941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48941"
},
{
"name": "CVE-2022-48942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48942"
},
{
"name": "CVE-2022-48943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48943"
},
{
"name": "CVE-2023-52668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52668"
},
{
"name": "CVE-2023-52688",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52688"
},
{
"name": "CVE-2023-52859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52859"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2023-52893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52893"
},
{
"name": "CVE-2023-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52894"
},
{
"name": "CVE-2023-52896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52896"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2023-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52900"
},
{
"name": "CVE-2023-52901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52901"
},
{
"name": "CVE-2023-52905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52905"
},
{
"name": "CVE-2023-52907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52907"
},
{
"name": "CVE-2023-52911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52911"
},
{
"name": "CVE-2024-26637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26637"
},
{
"name": "CVE-2024-26682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26682"
},
{
"name": "CVE-2024-26683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26683"
},
{
"name": "CVE-2024-26849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26849"
},
{
"name": "CVE-2024-36907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36907"
},
{
"name": "CVE-2024-36970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36970"
},
{
"name": "CVE-2024-38609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38609"
},
{
"name": "CVE-2024-39486",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39486"
},
{
"name": "CVE-2024-41010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41010"
},
{
"name": "CVE-2024-41024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41024"
},
{
"name": "CVE-2024-41025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41025"
},
{
"name": "CVE-2024-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41028"
},
{
"name": "CVE-2024-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41032"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41037"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41045"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2024-41051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41051"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41061"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41084"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41094"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42064"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42073"
},
{
"name": "CVE-2024-42074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42074"
},
{
"name": "CVE-2024-42107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42107"
},
{
"name": "CVE-2024-42113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42113"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42117"
},
{
"name": "CVE-2024-42125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42125"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42132"
},
{
"name": "CVE-2024-42133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42133"
},
{
"name": "CVE-2024-42136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42136"
},
{
"name": "CVE-2024-42138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42138"
},
{
"name": "CVE-2024-42139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42139"
},
{
"name": "CVE-2024-42141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42141"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42144"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2024-42155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42155"
},
{
"name": "CVE-2024-42156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42156"
},
{
"name": "CVE-2024-42158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42158"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-42162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42162"
},
{
"name": "CVE-2024-42226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42226"
},
{
"name": "CVE-2024-42227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42227"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42239"
},
{
"name": "CVE-2024-42241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42241"
},
{
"name": "CVE-2024-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42245"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42250"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42269"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42278"
},
{
"name": "CVE-2024-42279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42279"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42290"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42298"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42303"
},
{
"name": "CVE-2024-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42308"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43816"
},
{
"name": "CVE-2024-43817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43817"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43819"
},
{
"name": "CVE-2024-43821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43824"
},
{
"name": "CVE-2024-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43825"
},
{
"name": "CVE-2024-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43826"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43831"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43840"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43847"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43850"
},
{
"name": "CVE-2024-43851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43851"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43855"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43864"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43872"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43874"
},
{
"name": "CVE-2024-43875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43875"
},
{
"name": "CVE-2024-43876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43876"
},
{
"name": "CVE-2024-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43877"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43881"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43885"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43897"
},
{
"name": "CVE-2024-43899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43899"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43903"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43906"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0822",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3398-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243398-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3399-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243399-1"
},
{
"published_at": "2024-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3425-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243425-1"
},
{
"published_at": "2024-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3408-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243408-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3370-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243370-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3403-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243403-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3387-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243387-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3379-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243379-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3368-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243368-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3363-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243363-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3405-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243405-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3365-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243365-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3361-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243361-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3383-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243383-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3395-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243395-1"
},
{
"published_at": "2024-09-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:3375-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243375-1"
}
]
}
SUSE-SU-2024:3225-1
Vulnerability from csaf_suse - Published: 2024-09-12 12:12 - Updated: 2024-09-12 12:12Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
Patchnames
SUSE-2024-3225,SUSE-SUSE-MicroOS-5.1-2024-3225,SUSE-SUSE-MicroOS-5.2-2024-3225
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).\n- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).\n- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).\n- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).\n- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).\n- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).\n- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).\n- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)\n- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)\n- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).\n- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).\n- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)\n- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)\n- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).\n- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).\n\nThe following non-security bugs were fixed:\n\n- Bluetooth: L2CAP: Fix deadlock (git-fixes).\n- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3225,SUSE-SUSE-MicroOS-5.1-2024-3225,SUSE-SUSE-MicroOS-5.2-2024-3225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3225-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3225-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243225-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3225-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-September/036876.html"
},
{
"category": "self",
"summary": "SUSE Bug 1176447",
"url": "https://bugzilla.suse.com/1176447"
},
{
"category": "self",
"summary": "SUSE Bug 1195668",
"url": "https://bugzilla.suse.com/1195668"
},
{
"category": "self",
"summary": "SUSE Bug 1195928",
"url": "https://bugzilla.suse.com/1195928"
},
{
"category": "self",
"summary": "SUSE Bug 1195957",
"url": "https://bugzilla.suse.com/1195957"
},
{
"category": "self",
"summary": "SUSE Bug 1196018",
"url": "https://bugzilla.suse.com/1196018"
},
{
"category": "self",
"summary": "SUSE Bug 1196516",
"url": "https://bugzilla.suse.com/1196516"
},
{
"category": "self",
"summary": "SUSE Bug 1196823",
"url": "https://bugzilla.suse.com/1196823"
},
{
"category": "self",
"summary": "SUSE Bug 1202346",
"url": "https://bugzilla.suse.com/1202346"
},
{
"category": "self",
"summary": "SUSE Bug 1209636",
"url": "https://bugzilla.suse.com/1209636"
},
{
"category": "self",
"summary": "SUSE Bug 1209799",
"url": "https://bugzilla.suse.com/1209799"
},
{
"category": "self",
"summary": "SUSE Bug 1210629",
"url": "https://bugzilla.suse.com/1210629"
},
{
"category": "self",
"summary": "SUSE Bug 1216834",
"url": "https://bugzilla.suse.com/1216834"
},
{
"category": "self",
"summary": "SUSE Bug 1222251",
"url": "https://bugzilla.suse.com/1222251"
},
{
"category": "self",
"summary": "SUSE Bug 1225109",
"url": "https://bugzilla.suse.com/1225109"
},
{
"category": "self",
"summary": "SUSE Bug 1225584",
"url": "https://bugzilla.suse.com/1225584"
},
{
"category": "self",
"summary": "SUSE Bug 1227832",
"url": "https://bugzilla.suse.com/1227832"
},
{
"category": "self",
"summary": "SUSE Bug 1227924",
"url": "https://bugzilla.suse.com/1227924"
},
{
"category": "self",
"summary": "SUSE Bug 1227928",
"url": "https://bugzilla.suse.com/1227928"
},
{
"category": "self",
"summary": "SUSE Bug 1227932",
"url": "https://bugzilla.suse.com/1227932"
},
{
"category": "self",
"summary": "SUSE Bug 1227935",
"url": "https://bugzilla.suse.com/1227935"
},
{
"category": "self",
"summary": "SUSE Bug 1227941",
"url": "https://bugzilla.suse.com/1227941"
},
{
"category": "self",
"summary": "SUSE Bug 1227942",
"url": "https://bugzilla.suse.com/1227942"
},
{
"category": "self",
"summary": "SUSE Bug 1227945",
"url": "https://bugzilla.suse.com/1227945"
},
{
"category": "self",
"summary": "SUSE Bug 1227952",
"url": "https://bugzilla.suse.com/1227952"
},
{
"category": "self",
"summary": "SUSE Bug 1227964",
"url": "https://bugzilla.suse.com/1227964"
},
{
"category": "self",
"summary": "SUSE Bug 1227969",
"url": "https://bugzilla.suse.com/1227969"
},
{
"category": "self",
"summary": "SUSE Bug 1227985",
"url": "https://bugzilla.suse.com/1227985"
},
{
"category": "self",
"summary": "SUSE Bug 1227987",
"url": "https://bugzilla.suse.com/1227987"
},
{
"category": "self",
"summary": "SUSE Bug 1227988",
"url": "https://bugzilla.suse.com/1227988"
},
{
"category": "self",
"summary": "SUSE Bug 1227989",
"url": "https://bugzilla.suse.com/1227989"
},
{
"category": "self",
"summary": "SUSE Bug 1227997",
"url": "https://bugzilla.suse.com/1227997"
},
{
"category": "self",
"summary": "SUSE Bug 1228000",
"url": "https://bugzilla.suse.com/1228000"
},
{
"category": "self",
"summary": "SUSE Bug 1228004",
"url": "https://bugzilla.suse.com/1228004"
},
{
"category": "self",
"summary": "SUSE Bug 1228005",
"url": "https://bugzilla.suse.com/1228005"
},
{
"category": "self",
"summary": "SUSE Bug 1228006",
"url": "https://bugzilla.suse.com/1228006"
},
{
"category": "self",
"summary": "SUSE Bug 1228015",
"url": "https://bugzilla.suse.com/1228015"
},
{
"category": "self",
"summary": "SUSE Bug 1228020",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "self",
"summary": "SUSE Bug 1228037",
"url": "https://bugzilla.suse.com/1228037"
},
{
"category": "self",
"summary": "SUSE Bug 1228045",
"url": "https://bugzilla.suse.com/1228045"
},
{
"category": "self",
"summary": "SUSE Bug 1228060",
"url": "https://bugzilla.suse.com/1228060"
},
{
"category": "self",
"summary": "SUSE Bug 1228062",
"url": "https://bugzilla.suse.com/1228062"
},
{
"category": "self",
"summary": "SUSE Bug 1228066",
"url": "https://bugzilla.suse.com/1228066"
},
{
"category": "self",
"summary": "SUSE Bug 1228466",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "self",
"summary": "SUSE Bug 1228516",
"url": "https://bugzilla.suse.com/1228516"
},
{
"category": "self",
"summary": "SUSE Bug 1228576",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "self",
"summary": "SUSE Bug 1228959",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "self",
"summary": "SUSE Bug 1229400",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "self",
"summary": "SUSE Bug 1229454",
"url": "https://bugzilla.suse.com/1229454"
},
{
"category": "self",
"summary": "SUSE Bug 1229500",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "self",
"summary": "SUSE Bug 1229503",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "self",
"summary": "SUSE Bug 1229510",
"url": "https://bugzilla.suse.com/1229510"
},
{
"category": "self",
"summary": "SUSE Bug 1229512",
"url": "https://bugzilla.suse.com/1229512"
},
{
"category": "self",
"summary": "SUSE Bug 1229598",
"url": "https://bugzilla.suse.com/1229598"
},
{
"category": "self",
"summary": "SUSE Bug 1229604",
"url": "https://bugzilla.suse.com/1229604"
},
{
"category": "self",
"summary": "SUSE Bug 1229607",
"url": "https://bugzilla.suse.com/1229607"
},
{
"category": "self",
"summary": "SUSE Bug 1229620",
"url": "https://bugzilla.suse.com/1229620"
},
{
"category": "self",
"summary": "SUSE Bug 1229621",
"url": "https://bugzilla.suse.com/1229621"
},
{
"category": "self",
"summary": "SUSE Bug 1229624",
"url": "https://bugzilla.suse.com/1229624"
},
{
"category": "self",
"summary": "SUSE Bug 1229626",
"url": "https://bugzilla.suse.com/1229626"
},
{
"category": "self",
"summary": "SUSE Bug 1229629",
"url": "https://bugzilla.suse.com/1229629"
},
{
"category": "self",
"summary": "SUSE Bug 1229630",
"url": "https://bugzilla.suse.com/1229630"
},
{
"category": "self",
"summary": "SUSE Bug 1229637",
"url": "https://bugzilla.suse.com/1229637"
},
{
"category": "self",
"summary": "SUSE Bug 1229641",
"url": "https://bugzilla.suse.com/1229641"
},
{
"category": "self",
"summary": "SUSE Bug 1229657",
"url": "https://bugzilla.suse.com/1229657"
},
{
"category": "self",
"summary": "SUSE Bug 1229707",
"url": "https://bugzilla.suse.com/1229707"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4441 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48775 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48778 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48787 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48788 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48789 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48798 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48802 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48805 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48811 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48834 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48835 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48836 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48837 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48838 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48839 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48843 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48851 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48853 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48856 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48858 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48872 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48873 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48901 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48905 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48912 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48917 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48919 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48925 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48926 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52854 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44947/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2024-09-12T12:12:38Z",
"generator": {
"date": "2024-09-12T12:12:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3225-1",
"initial_release_date": "2024-09-12T12:12:38Z",
"revision_history": [
{
"date": "2024-09-12T12:12:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-150300.181.2.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-150300.181.2.noarch",
"product_id": "kernel-devel-rt-5.3.18-150300.181.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-150300.181.2.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-150300.181.2.noarch",
"product_id": "kernel-source-rt-5.3.18-150300.181.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-150300.181.2.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-150300.181.2.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-150300.181.2.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt-devel-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt-extra-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt-optional-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt-optional-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt_debug-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-optional-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kernel-rt_debug-optional-5.3.18-150300.181.2.x86_64",
"product_id": "kernel-rt_debug-optional-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-150300.181.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-150300.181.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-150300.181.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-150300.181.2.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-150300.181.2.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-150300.181.2.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-150300.181.2.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-150300.181.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.181.2.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.181.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.181.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.181.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.181.2.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.181.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.181.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.181.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.181.2.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.181.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()\n\nIn zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),\nwhich could lead to a NULL pointer dereference on failure of\nkzalloc().\n\nFix this bug by adding a check of tmpbuf.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,\nand our static analyzer no longer warns about this code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4441",
"url": "https://www.suse.com/security/cve/CVE-2021-4441"
},
{
"category": "external",
"summary": "SUSE Bug 1229598 for CVE-2021-4441",
"url": "https://bugzilla.suse.com/1229598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-4441"
},
{
"cve": "CVE-2022-48775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add():\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48775",
"url": "https://www.suse.com/security/cve/CVE-2022-48775"
},
{
"category": "external",
"summary": "SUSE Bug 1227924 for CVE-2022-48775",
"url": "https://bugzilla.suse.com/1227924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48775"
},
{
"cve": "CVE-2022-48778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: gpmi: don\u0027t leak PM reference in error path\n\nIf gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be\ndropped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48778",
"url": "https://www.suse.com/security/cve/CVE-2022-48778"
},
{
"category": "external",
"summary": "SUSE Bug 1227935 for CVE-2022-48778",
"url": "https://bugzilla.suse.com/1227935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48778"
},
{
"cve": "CVE-2022-48787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: fix use-after-free\n\nIf no firmware was present at all (or, presumably, all of the\nfirmware files failed to parse), we end up unbinding by calling\ndevice_release_driver(), which calls remove(), which then in\niwlwifi calls iwl_drv_stop(), freeing the \u0027drv\u0027 struct. However\nthe new code I added will still erroneously access it after it\nwas freed.\n\nSet \u0027failure=false\u0027 in this case to avoid the access, all data\nwas already freed anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48787",
"url": "https://www.suse.com/security/cve/CVE-2022-48787"
},
{
"category": "external",
"summary": "SUSE Bug 1227932 for CVE-2022-48787",
"url": "https://bugzilla.suse.com/1227932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48787"
},
{
"cve": "CVE-2022-48788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48788",
"url": "https://www.suse.com/security/cve/CVE-2022-48788"
},
{
"category": "external",
"summary": "SUSE Bug 1227952 for CVE-2022-48788",
"url": "https://bugzilla.suse.com/1227952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48788"
},
{
"cve": "CVE-2022-48789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_tcp_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48789",
"url": "https://www.suse.com/security/cve/CVE-2022-48789"
},
{
"category": "external",
"summary": "SUSE Bug 1228000 for CVE-2022-48789",
"url": "https://bugzilla.suse.com/1228000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48789"
},
{
"cve": "CVE-2022-48790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix a possible use-after-free in controller reset during load\n\nUnlike .queue_rq, in .submit_async_event drivers may not check the ctrl\nreadiness for AER submission. This may lead to a use-after-free\ncondition that was observed with nvme-tcp.\n\nThe race condition may happen in the following scenario:\n1. driver executes its reset_ctrl_work\n2. -\u003e nvme_stop_ctrl - flushes ctrl async_event_work\n3. ctrl sends AEN which is received by the host, which in turn\n schedules AEN handling\n4. teardown admin queue (which releases the queue socket)\n5. AEN processed, submits another AER, calling the driver to submit\n6. driver attempts to send the cmd\n==\u003e use-after-free\n\nIn order to fix that, add ctrl state check to validate the ctrl\nis actually able to accept the AER submission.\n\nThis addresses the above race in controller resets because the driver\nduring teardown should:\n1. change ctrl state to RESETTING\n2. flush async_event_work (as well as other async work elements)\n\nSo after 1,2, any other AER command will find the\nctrl state to be RESETTING and bail out without submitting the AER.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48790",
"url": "https://www.suse.com/security/cve/CVE-2022-48790"
},
{
"category": "external",
"summary": "SUSE Bug 1227941 for CVE-2022-48790",
"url": "https://bugzilla.suse.com/1227941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48790"
},
{
"cve": "CVE-2022-48798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: verify the driver availability for path_event call\n\nIf no driver is attached to a device or the driver does not provide the\npath_event function, an FCES path-event on this device could end up in a\nkernel-panic. Verify the driver availability before the path_event\nfunction call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48798",
"url": "https://www.suse.com/security/cve/CVE-2022-48798"
},
{
"category": "external",
"summary": "SUSE Bug 1227945 for CVE-2022-48798",
"url": "https://bugzilla.suse.com/1227945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48798"
},
{
"cve": "CVE-2022-48802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: task_mmu.c: don\u0027t read mapcount for migration entry\n\nThe syzbot reported the below BUG:\n\n kernel BUG at include/linux/page-flags.h:785!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]\n RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744\n Call Trace:\n page_mapcount include/linux/mm.h:837 [inline]\n smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466\n smaps_pte_entry fs/proc/task_mmu.c:538 [inline]\n smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601\n walk_pmd_range mm/pagewalk.c:128 [inline]\n walk_pud_range mm/pagewalk.c:205 [inline]\n walk_p4d_range mm/pagewalk.c:240 [inline]\n walk_pgd_range mm/pagewalk.c:277 [inline]\n __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379\n walk_page_vma+0x277/0x350 mm/pagewalk.c:530\n smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768\n smap_gather_stats fs/proc/task_mmu.c:741 [inline]\n show_smap+0xc6/0x440 fs/proc/task_mmu.c:822\n seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272\n seq_read+0x3e0/0x5b0 fs/seq_file.c:162\n vfs_read+0x1b5/0x600 fs/read_write.c:479\n ksys_read+0x12d/0x250 fs/read_write.c:619\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe reproducer was trying to read /proc/$PID/smaps when calling\nMADV_FREE at the mean time. MADV_FREE may split THPs if it is called\nfor partial THP. It may trigger the below race:\n\n CPU A CPU B\n ----- -----\n smaps walk: MADV_FREE:\n page_mapcount()\n PageCompound()\n split_huge_page()\n page = compound_head(page)\n PageDoubleMap(page)\n\nWhen calling PageDoubleMap() this page is not a tail page of THP anymore\nso the BUG is triggered.\n\nThis could be fixed by elevated refcount of the page before calling\nmapcount, but that would prevent it from counting migration entries, and\nit seems overkilling because the race just could happen when PMD is\nsplit so all PTE entries of tail pages are actually migration entries,\nand smaps_account() does treat migration entries as mapcount == 1 as\nKirill pointed out.\n\nAdd a new parameter for smaps_account() to tell this entry is migration\nentry then skip calling page_mapcount(). Don\u0027t skip getting mapcount\nfor device private entries since they do track references with mapcount.\n\nPagemap also has the similar issue although it was not reported. Fixed\nit as well.\n\n[shy828301@gmail.com: v4]\n[nathan@kernel.org: avoid unused variable warning in pagemap_pmd_range()]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48802",
"url": "https://www.suse.com/security/cve/CVE-2022-48802"
},
{
"category": "external",
"summary": "SUSE Bug 1227942 for CVE-2022-48802",
"url": "https://bugzilla.suse.com/1227942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48802"
},
{
"cve": "CVE-2022-48805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup\n\nax88179_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds,\n causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n endianness flip to corrupt data used by a cloned SKB that has already\n been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n causing out-of-bounds heap data to be considered part of the SKB\u0027s\n data.\n\nI have tested that this can be used by a malicious USB device to send a\nbogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response\nthat contains random kernel heap data.\nIt\u0027s probably also possible to get OOB writes from this on a\nlittle-endian system somehow - maybe by triggering skb_cow() via IP\noptions processing -, but I haven\u0027t tested that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48805",
"url": "https://www.suse.com/security/cve/CVE-2022-48805"
},
{
"category": "external",
"summary": "SUSE Bug 1227969 for CVE-2022-48805",
"url": "https://bugzilla.suse.com/1227969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48805"
},
{
"cve": "CVE-2022-48811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: don\u0027t release napi in __ibmvnic_open()\n\nIf __ibmvnic_open() encounters an error such as when setting link state,\nit calls release_resources() which frees the napi structures needlessly.\nInstead, have __ibmvnic_open() only clean up the work it did so far (i.e.\ndisable napi and irqs) and leave the rest to the callers.\n\nIf caller of __ibmvnic_open() is ibmvnic_open(), it should release the\nresources immediately. If the caller is do_reset() or do_hard_reset(),\nthey will release the resources on the next reset.\n\nThis fixes following crash that occurred when running the drmgr command\nseveral times to add/remove a vnic interface:\n\n\t[102056] ibmvnic 30000003 env3: Disabling rx_scrq[6] irq\n\t[102056] ibmvnic 30000003 env3: Disabling rx_scrq[7] irq\n\t[102056] ibmvnic 30000003 env3: Replenished 8 pools\n\tKernel attempted to read user page (10) - exploit attempt? (uid: 0)\n\tBUG: Kernel NULL pointer dereference on read at 0x00000010\n\tFaulting instruction address: 0xc000000000a3c840\n\tOops: Kernel access of bad area, sig: 11 [#1]\n\tLE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n\t...\n\tCPU: 9 PID: 102056 Comm: kworker/9:2 Kdump: loaded Not tainted 5.16.0-rc5-autotest-g6441998e2e37 #1\n\tWorkqueue: events_long __ibmvnic_reset [ibmvnic]\n\tNIP: c000000000a3c840 LR: c0080000029b5378 CTR: c000000000a3c820\n\tREGS: c0000000548e37e0 TRAP: 0300 Not tainted (5.16.0-rc5-autotest-g6441998e2e37)\n\tMSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 28248484 XER: 00000004\n\tCFAR: c0080000029bdd24 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0\n\tGPR00: c0080000029b55d0 c0000000548e3a80 c0000000028f0200 0000000000000000\n\t...\n\tNIP [c000000000a3c840] napi_enable+0x20/0xc0\n\tLR [c0080000029b5378] __ibmvnic_open+0xf0/0x430 [ibmvnic]\n\tCall Trace:\n\t[c0000000548e3a80] [0000000000000006] 0x6 (unreliable)\n\t[c0000000548e3ab0] [c0080000029b55d0] __ibmvnic_open+0x348/0x430 [ibmvnic]\n\t[c0000000548e3b40] [c0080000029bcc28] __ibmvnic_reset+0x500/0xdf0 [ibmvnic]\n\t[c0000000548e3c60] [c000000000176228] process_one_work+0x288/0x570\n\t[c0000000548e3d00] [c000000000176588] worker_thread+0x78/0x660\n\t[c0000000548e3da0] [c0000000001822f0] kthread+0x1c0/0x1d0\n\t[c0000000548e3e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64\n\tInstruction dump:\n\t7d2948f8 792307e0 4e800020 60000000 3c4c01eb 384239e0 f821ffd1 39430010\n\t38a0fff6 e92d1100 f9210028 39200000 \u003ce9030010\u003e f9010020 60420000 e9210020\n\t---[ end trace 5f8033b08fd27706 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48811",
"url": "https://www.suse.com/security/cve/CVE-2022-48811"
},
{
"category": "external",
"summary": "SUSE Bug 1227928 for CVE-2022-48811",
"url": "https://bugzilla.suse.com/1227928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48811"
},
{
"cve": "CVE-2022-48823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix refcount issue when LOGO is received during TMF\n\nHung task call trace was seen during LOGO processing.\n\n[ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued...\n[ 974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0\n[ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET\n[ 974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1.\n[ 974.309625] host1: rport 016900: Received LOGO request while in state Ready\n[ 974.309627] host1: rport 016900: Delete port\n[ 974.309642] host1: rport 016900: work event 3\n[ 974.309644] host1: rport 016900: lld callback ev 3\n[ 974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush.\n[ 974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success...\n[ 984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds.\n[ 984.031136] Not tainted 4.18.0-305.el8.x86_64 #1\n\n[ 984.031166] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 984.031209] jbd2/dm-15-8 D 0 7645 2 0x80004080\n[ 984.031212] Call Trace:\n[ 984.031222] __schedule+0x2c4/0x700\n[ 984.031230] ? unfreeze_partials.isra.83+0x16e/0x1a0\n[ 984.031233] ? bit_wait_timeout+0x90/0x90\n[ 984.031235] schedule+0x38/0xa0\n[ 984.031238] io_schedule+0x12/0x40\n[ 984.031240] bit_wait_io+0xd/0x50\n[ 984.031243] __wait_on_bit+0x6c/0x80\n[ 984.031248] ? free_buffer_head+0x21/0x50\n[ 984.031251] out_of_line_wait_on_bit+0x91/0xb0\n[ 984.031257] ? init_wait_var_entry+0x50/0x50\n[ 984.031268] jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2]\n[ 984.031280] kjournald2+0xbd/0x270 [jbd2]\n[ 984.031284] ? finish_wait+0x80/0x80\n[ 984.031291] ? commit_timeout+0x10/0x10 [jbd2]\n[ 984.031294] kthread+0x116/0x130\n[ 984.031300] ? kthread_flush_work_fn+0x10/0x10\n[ 984.031305] ret_from_fork+0x1f/0x40\n\nThere was a ref count issue when LOGO is received during TMF. This leads to\none of the I/Os hanging with the driver. Fix the ref count.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48823",
"url": "https://www.suse.com/security/cve/CVE-2022-48823"
},
{
"category": "external",
"summary": "SUSE Bug 1228045 for CVE-2022-48823",
"url": "https://bugzilla.suse.com/1228045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48823"
},
{
"cve": "CVE-2022-48824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: myrs: Fix crash in error case\n\nIn myrs_detect(), cs-\u003edisable_intr is NULL when privdata-\u003ehw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48824",
"url": "https://www.suse.com/security/cve/CVE-2022-48824"
},
{
"category": "external",
"summary": "SUSE Bug 1227964 for CVE-2022-48824",
"url": "https://bugzilla.suse.com/1227964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48824"
},
{
"cve": "CVE-2022-48827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix the behavior of READ near OFFSET_MAX\n\nDan Aloni reports:\n\u003e Due to commit 8cfb9015280d (\"NFS: Always provide aligned buffers to\n\u003e the RPC read layers\") on the client, a read of 0xfff is aligned up\n\u003e to server rsize of 0x1000.\n\u003e\n\u003e As a result, in a test where the server has a file of size\n\u003e 0x7fffffffffffffff, and the client tries to read from the offset\n\u003e 0x7ffffffffffff000, the read causes loff_t overflow in the server\n\u003e and it returns an NFS code of EINVAL to the client. The client as\n\u003e a result indefinitely retries the request.\n\nThe Linux NFS client does not handle NFS?ERR_INVAL, even though all\nNFS specifications permit servers to return that status code for a\nREAD.\n\nInstead of NFS?ERR_INVAL, have out-of-range READ requests succeed\nand return a short result. Set the EOF flag in the result to prevent\nthe client from retrying the READ request. This behavior appears to\nbe consistent with Solaris NFS servers.\n\nNote that NFSv3 and NFSv4 use u64 offset values on the wire. These\nmust be converted to loff_t internally before use -- an implicit\ntype cast is not adequate for this purpose. Otherwise VFS checks\nagainst sb-\u003es_maxbytes do not work properly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48827",
"url": "https://www.suse.com/security/cve/CVE-2022-48827"
},
{
"category": "external",
"summary": "SUSE Bug 1228037 for CVE-2022-48827",
"url": "https://bugzilla.suse.com/1228037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48827"
},
{
"cve": "CVE-2022-48834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usbtmc: Fix bug in pipe direction for control transfers\n\nThe syzbot fuzzer reported a minor bug in the usbtmc driver:\n\nusb 5-1: BOGUS control dir, pipe 80001e80 doesn\u0027t match bRequestType 0\nWARNING: CPU: 0 PID: 3813 at drivers/usb/core/urb.c:412\nusb_submit_urb+0x13a5/0x1970 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 3813 Comm: syz-executor122 Not tainted\n5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0\n...\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x113/0x530 drivers/usb/core/message.c:58\n usb_internal_control_msg drivers/usb/core/message.c:102 [inline]\n usb_control_msg+0x2a5/0x4b0 drivers/usb/core/message.c:153\n usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1947 [inline]\n\nThe problem is that usbtmc_ioctl_request() uses usb_rcvctrlpipe() for\nall of its transfers, whether they are in or out. It\u0027s easy to fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48834",
"url": "https://www.suse.com/security/cve/CVE-2022-48834"
},
{
"category": "external",
"summary": "SUSE Bug 1228062 for CVE-2022-48834",
"url": "https://bugzilla.suse.com/1228062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48834"
},
{
"cve": "CVE-2022-48835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Page fault in reply q processing\n\nA page fault was encountered in mpt3sas on a LUN reset error path:\n\n[ 145.763216] mpt3sas_cm1: Task abort tm failed: handle(0x0002),timeout(30) tr_method(0x0) smid(3) msix_index(0)\n[ 145.778932] scsi 1:0:0:0: task abort: FAILED scmd(0x0000000024ba29a2)\n[ 145.817307] scsi 1:0:0:0: attempting device reset! scmd(0x0000000024ba29a2)\n[ 145.827253] scsi 1:0:0:0: [sg1] tag#2 CDB: Receive Diagnostic 1c 01 01 ff fc 00\n[ 145.837617] scsi target1:0:0: handle(0x0002), sas_address(0x500605b0000272b9), phy(0)\n[ 145.848598] scsi target1:0:0: enclosure logical id(0x500605b0000272b8), slot(0)\n[ 149.858378] mpt3sas_cm1: Poll ReplyDescriptor queues for completion of smid(0), task_type(0x05), handle(0x0002)\n[ 149.875202] BUG: unable to handle page fault for address: 00000007fffc445d\n[ 149.885617] #PF: supervisor read access in kernel mode\n[ 149.894346] #PF: error_code(0x0000) - not-present page\n[ 149.903123] PGD 0 P4D 0\n[ 149.909387] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 149.917417] CPU: 24 PID: 3512 Comm: scsi_eh_1 Kdump: loaded Tainted: G S O 5.10.89-altav-1 #1\n[ 149.934327] Hardware name: DDN 200NVX2 /200NVX2-MB , BIOS ATHG2.2.02.01 09/10/2021\n[ 149.951871] RIP: 0010:_base_process_reply_queue+0x4b/0x900 [mpt3sas]\n[ 149.961889] Code: 0f 84 22 02 00 00 8d 48 01 49 89 fd 48 8d 57 38 f0 0f b1 4f 38 0f 85 d8 01 00 00 49 8b 45 10 45 31 e4 41 8b 55 0c 48 8d 1c d0 \u003c0f\u003e b6 03 83 e0 0f 3c 0f 0f 85 a2 00 00 00 e9 e6 01 00 00 0f b7 ee\n[ 149.991952] RSP: 0018:ffffc9000f1ebcb8 EFLAGS: 00010246\n[ 150.000937] RAX: 0000000000000055 RBX: 00000007fffc445d RCX: 000000002548f071\n[ 150.011841] RDX: 00000000ffff8881 RSI: 0000000000000001 RDI: ffff888125ed50d8\n[ 150.022670] RBP: 0000000000000000 R08: 0000000000000000 R09: c0000000ffff7fff\n[ 150.033445] R10: ffffc9000f1ebb68 R11: ffffc9000f1ebb60 R12: 0000000000000000\n[ 150.044204] R13: ffff888125ed50d8 R14: 0000000000000080 R15: 34cdc00034cdea80\n[ 150.054963] FS: 0000000000000000(0000) GS:ffff88dfaf200000(0000) knlGS:0000000000000000\n[ 150.066715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 150.076078] CR2: 00000007fffc445d CR3: 000000012448a006 CR4: 0000000000770ee0\n[ 150.086887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 150.097670] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 150.108323] PKRU: 55555554\n[ 150.114690] Call Trace:\n[ 150.120497] ? printk+0x48/0x4a\n[ 150.127049] mpt3sas_scsih_issue_tm.cold.114+0x2e/0x2b3 [mpt3sas]\n[ 150.136453] mpt3sas_scsih_issue_locked_tm+0x86/0xb0 [mpt3sas]\n[ 150.145759] scsih_dev_reset+0xea/0x300 [mpt3sas]\n[ 150.153891] scsi_eh_ready_devs+0x541/0x9e0 [scsi_mod]\n[ 150.162206] ? __scsi_host_match+0x20/0x20 [scsi_mod]\n[ 150.170406] ? scsi_try_target_reset+0x90/0x90 [scsi_mod]\n[ 150.178925] ? blk_mq_tagset_busy_iter+0x45/0x60\n[ 150.186638] ? scsi_try_target_reset+0x90/0x90 [scsi_mod]\n[ 150.195087] scsi_error_handler+0x3a5/0x4a0 [scsi_mod]\n[ 150.203206] ? __schedule+0x1e9/0x610\n[ 150.209783] ? scsi_eh_get_sense+0x210/0x210 [scsi_mod]\n[ 150.217924] kthread+0x12e/0x150\n[ 150.224041] ? kthread_worker_fn+0x130/0x130\n[ 150.231206] ret_from_fork+0x1f/0x30\n\nThis is caused by mpt3sas_base_sync_reply_irqs() using an invalid reply_q\npointer outside of the list_for_each_entry() loop. At the end of the full\nlist traversal the pointer is invalid.\n\nMove the _base_process_reply_queue() call inside of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48835",
"url": "https://www.suse.com/security/cve/CVE-2022-48835"
},
{
"category": "external",
"summary": "SUSE Bug 1228060 for CVE-2022-48835",
"url": "https://bugzilla.suse.com/1228060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48835"
},
{
"cve": "CVE-2022-48836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: aiptek - properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. There was a check for the number of endpoints, but not\nfor the type of endpoint.\n\nFix it by replacing old desc.bNumEndpoints check with\nusb_find_common_endpoints() helper for finding endpoints\n\nFail log:\n\nusb 5-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nWorkqueue: usb_hub_wq hub_event\n...\nCall Trace:\n \u003cTASK\u003e\n aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830\n input_open_device+0x1bb/0x320 drivers/input/input.c:629\n kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48836",
"url": "https://www.suse.com/security/cve/CVE-2022-48836"
},
{
"category": "external",
"summary": "SUSE Bug 1227989 for CVE-2022-48836",
"url": "https://bugzilla.suse.com/1227989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48836"
},
{
"cve": "CVE-2022-48837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: rndis: prevent integer overflow in rndis_set_response()\n\nIf \"BufOffset\" is very large the \"BufOffset + 8\" operation can have an\ninteger overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48837",
"url": "https://www.suse.com/security/cve/CVE-2022-48837"
},
{
"category": "external",
"summary": "SUSE Bug 1227987 for CVE-2022-48837",
"url": "https://bugzilla.suse.com/1227987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48837"
},
{
"cve": "CVE-2022-48838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: Fix use-after-free bug by not setting udc-\u003edev.driver\n\nThe syzbot fuzzer found a use-after-free bug:\n\nBUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320\nRead of size 8 at addr ffff88802b934098 by task udevd/3689\n\nCPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n dev_uevent+0x712/0x780 drivers/base/core.c:2320\n uevent_show+0x1b8/0x380 drivers/base/core.c:2391\n dev_attr_show+0x4b/0x90 drivers/base/core.c:2094\n\nAlthough the bug manifested in the driver core, the real cause was a\nrace with the gadget core. dev_uevent() does:\n\n\tif (dev-\u003edriver)\n\t\tadd_uevent_var(env, \"DRIVER=%s\", dev-\u003edriver-\u003ename);\n\nand between the test and the dereference of dev-\u003edriver, the gadget\ncore sets dev-\u003edriver to NULL.\n\nThe race wouldn\u0027t occur if the gadget core registered its devices on\na real bus, using the standard synchronization techniques of the\ndriver core. However, it\u0027s not necessary to make such a large change\nin order to fix this bug; all we need to do is make sure that\nudc-\u003edev.driver is always NULL.\n\nIn fact, there is no reason for udc-\u003edev.driver ever to be set to\nanything, let alone to the value it currently gets: the address of the\ngadget\u0027s driver. After all, a gadget driver only knows how to manage\na gadget, not how to manage a UDC.\n\nThis patch simply removes the statements in the gadget core that touch\nudc-\u003edev.driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48838",
"url": "https://www.suse.com/security/cve/CVE-2022-48838"
},
{
"category": "external",
"summary": "SUSE Bug 1227988 for CVE-2022-48838",
"url": "https://bugzilla.suse.com/1227988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48838"
},
{
"cve": "CVE-2022-48839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix slab-out-of-bounds access in packet_recvmsg()\n\nsyzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH\nand mmap operations, tpacket_rcv() is queueing skbs with\ngarbage in skb-\u003ecb[], triggering a too big copy [1]\n\nPresumably, users of af_packet using mmap() already gets correct\nmetadata from the mapped buffer, we can simply make sure\nto clear 12 bytes that might be copied to user space later.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]\nBUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\nWrite of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631\n\nCPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189\n memcpy+0x39/0x60 mm/kasan/shadow.c:66\n memcpy include/linux/fortify-string.h:225 [inline]\n packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632\n ___sys_recvmsg+0x127/0x200 net/socket.c:2674\n __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fdfd5954c29\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29\nRDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60\nR13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54\n \u003c/TASK\u003e\n\naddr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:\n ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246\n\nthis frame has 1 object:\n [32, 160) \u0027addr\u0027\n\nMemory state around the buggy address:\n ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00\n ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00\n\u003effffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3\n ^\n ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1\n ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48839",
"url": "https://www.suse.com/security/cve/CVE-2022-48839"
},
{
"category": "external",
"summary": "SUSE Bug 1227985 for CVE-2022-48839",
"url": "https://bugzilla.suse.com/1227985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48839"
},
{
"cve": "CVE-2022-48843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vrr: Set VRR capable prop only if it is attached to connector\n\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48843",
"url": "https://www.suse.com/security/cve/CVE-2022-48843"
},
{
"category": "external",
"summary": "SUSE Bug 1228066 for CVE-2022-48843",
"url": "https://bugzilla.suse.com/1228066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48843"
},
{
"cve": "CVE-2022-48851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gdm724x: fix use after free in gdm_lte_rx()\n\nThe netif_rx_ni() function frees the skb so we can\u0027t dereference it to\nsave the skb-\u003elen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48851",
"url": "https://www.suse.com/security/cve/CVE-2022-48851"
},
{
"category": "external",
"summary": "SUSE Bug 1227997 for CVE-2022-48851",
"url": "https://bugzilla.suse.com/1227997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48851"
},
{
"cve": "CVE-2022-48853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: fix info leak with DMA_FROM_DEVICE\n\nThe problem I\u0027m addressing was discovered by the LTP test covering\ncve-2018-1000204.\n\nA short description of what happens follows:\n1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO\n interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV\n and a corresponding dxferp. The peculiar thing about this is that TUR\n is not reading from the device.\n2) In sg_start_req() the invocation of blk_rq_map_user() effectively\n bounces the user-space buffer. As if the device was to transfer into\n it. Since commit a45b599ad808 (\"scsi: sg: allocate with __GFP_ZERO in\n sg_build_indirect()\") we make sure this first bounce buffer is\n allocated with GFP_ZERO.\n3) For the rest of the story we keep ignoring that we have a TUR, so the\n device won\u0027t touch the buffer we prepare as if the we had a\n DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device\n and the buffer allocated by SG is mapped by the function\n virtqueue_add_split() which uses DMA_FROM_DEVICE for the \"in\" sgs (here\n scatter-gather and not scsi generics). This mapping involves bouncing\n via the swiotlb (we need swiotlb to do virtio in protected guest like\n s390 Secure Execution, or AMD SEV).\n4) When the SCSI TUR is done, we first copy back the content of the second\n (that is swiotlb) bounce buffer (which most likely contains some\n previous IO data), to the first bounce buffer, which contains all\n zeros. Then we copy back the content of the first bounce buffer to\n the user-space buffer.\n5) The test case detects that the buffer, which it zero-initialized,\n ain\u0027t all zeros and fails.\n\nOne can argue that this is an swiotlb problem, because without swiotlb\nwe leak all zeros, and the swiotlb should be transparent in a sense that\nit does not affect the outcome (if all other participants are well\nbehaved).\n\nCopying the content of the original buffer into the swiotlb buffer is\nthe only way I can think of to make swiotlb transparent in such\nscenarios. So let\u0027s do just that if in doubt, but allow the driver\nto tell us that the whole mapped buffer is going to be overwritten,\nin which case we can preserve the old behavior and avoid the performance\nimpact of the extra bounce.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48853",
"url": "https://www.suse.com/security/cve/CVE-2022-48853"
},
{
"category": "external",
"summary": "SUSE Bug 1228015 for CVE-2022-48853",
"url": "https://bugzilla.suse.com/1228015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48853"
},
{
"cve": "CVE-2022-48856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngianfar: ethtool: Fix refcount leak in gfar_get_ts_info\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48856",
"url": "https://www.suse.com/security/cve/CVE-2022-48856"
},
{
"category": "external",
"summary": "SUSE Bug 1228004 for CVE-2022-48856",
"url": "https://bugzilla.suse.com/1228004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48856"
},
{
"cve": "CVE-2022-48857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: port100: fix use-after-free in port100_send_complete\n\nSyzbot reported UAF in port100_send_complete(). The root case is in\nmissing usb_kill_urb() calls on error handling path of -\u003eprobe function.\n\nport100_send_complete() accesses devm allocated memory which will be\nfreed on probe failure. We should kill this urbs before returning an\nerror from probe function to prevent reported use-after-free\n\nFail log:\n\nBUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\nRead of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26\n...\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\n __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670\n\n...\n\nAllocated by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:45 [inline]\n set_alloc_info mm/kasan/common.c:436 [inline]\n ____kasan_kmalloc mm/kasan/common.c:515 [inline]\n ____kasan_kmalloc mm/kasan/common.c:474 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524\n alloc_dr drivers/base/devres.c:116 [inline]\n devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823\n devm_kzalloc include/linux/device.h:209 [inline]\n port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502\n\nFreed by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track+0x21/0x30 mm/kasan/common.c:45\n kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n ____kasan_slab_free mm/kasan/common.c:366 [inline]\n ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328\n kasan_slab_free include/linux/kasan.h:236 [inline]\n __cache_free mm/slab.c:3437 [inline]\n kfree+0xf8/0x2b0 mm/slab.c:3794\n release_nodes+0x112/0x1a0 drivers/base/devres.c:501\n devres_release_all+0x114/0x190 drivers/base/devres.c:530\n really_probe+0x626/0xcc0 drivers/base/dd.c:670",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48857",
"url": "https://www.suse.com/security/cve/CVE-2022-48857"
},
{
"category": "external",
"summary": "SUSE Bug 1228005 for CVE-2022-48857",
"url": "https://bugzilla.suse.com/1228005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48857"
},
{
"cve": "CVE-2022-48858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix a race on command flush flow\n\nFix a refcount use after free warning due to a race on command entry.\nSuch race occurs when one of the commands releases its last refcount and\nfrees its index and entry while another process running command flush\nflow takes refcount to this command entry. The process which handles\ncommands flush may see this command as needed to be flushed if the other\nprocess released its refcount but didn\u0027t release the index yet. Fix it\nby adding the needed spin lock.\n\nIt fixes the following warning trace:\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 11 PID: 540311 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0\n...\nRIP: 0010:refcount_warn_saturate+0x80/0xe0\n...\nCall Trace:\n \u003cTASK\u003e\n mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core]\n mlx5_cmd_flush+0x3a/0xf0 [mlx5_core]\n enter_error_state+0x44/0x80 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core]\n process_one_work+0x1be/0x390\n worker_thread+0x4d/0x3d0\n ? rescuer_thread+0x350/0x350\n kthread+0x141/0x160\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48858",
"url": "https://www.suse.com/security/cve/CVE-2022-48858"
},
{
"category": "external",
"summary": "SUSE Bug 1228006 for CVE-2022-48858",
"url": "https://bugzilla.suse.com/1228006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48858"
},
{
"cve": "CVE-2022-48872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap-\u003efl-\u003elock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it\u0027s non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48872",
"url": "https://www.suse.com/security/cve/CVE-2022-48872"
},
{
"category": "external",
"summary": "SUSE Bug 1229510 for CVE-2022-48872",
"url": "https://bugzilla.suse.com/1229510"
},
{
"category": "external",
"summary": "SUSE Bug 1229519 for CVE-2022-48872",
"url": "https://bugzilla.suse.com/1229519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2022-48872"
},
{
"cve": "CVE-2022-48873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Don\u0027t remove map on creater_process and device_release\n\nDo not remove the map from the list on error path in\nfastrpc_init_create_process, instead call fastrpc_map_put, to avoid\nuse-after-free. Do not remove it on fastrpc_device_release either,\ncall fastrpc_map_put instead.\n\nThe fastrpc_free_map is the only proper place to remove the map.\nThis is called only after the reference count is 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48873",
"url": "https://www.suse.com/security/cve/CVE-2022-48873"
},
{
"category": "external",
"summary": "SUSE Bug 1229512 for CVE-2022-48873",
"url": "https://bugzilla.suse.com/1229512"
},
{
"category": "external",
"summary": "SUSE Bug 1229513 for CVE-2022-48873",
"url": "https://bugzilla.suse.com/1229513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2022-48873"
},
{
"cve": "CVE-2022-48901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not start relocation until in progress drops are done\n\nWe hit a bug with a recovering relocation on mount for one of our file\nsystems in production. I reproduced this locally by injecting errors\ninto snapshot delete with balance running at the same time. This\npresented as an error while looking up an extent item\n\n WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680\n CPU: 5 PID: 1501 Comm: btrfs-balance Not tainted 5.16.0-rc8+ #8\n RIP: 0010:lookup_inline_extent_backref+0x647/0x680\n RSP: 0018:ffffae0a023ab960 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000000000\n RBP: ffff943fd2a39b60 R08: 0000000000000000 R09: 0000000000000001\n R10: 0001434088152de0 R11: 0000000000000000 R12: 0000000001d05000\n R13: ffff943fd2a39b60 R14: ffff943fdb96f2a0 R15: ffff9442fc923000\n FS: 0000000000000000(0000) GS:ffff944e9eb40000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f1157b1fca8 CR3: 000000010f092000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n insert_inline_extent_backref+0x46/0xd0\n __btrfs_inc_extent_ref.isra.0+0x5f/0x200\n ? btrfs_merge_delayed_refs+0x164/0x190\n __btrfs_run_delayed_refs+0x561/0xfa0\n ? btrfs_search_slot+0x7b4/0xb30\n ? btrfs_update_root+0x1a9/0x2c0\n btrfs_run_delayed_refs+0x73/0x1f0\n ? btrfs_update_root+0x1a9/0x2c0\n btrfs_commit_transaction+0x50/0xa50\n ? btrfs_update_reloc_root+0x122/0x220\n prepare_to_merge+0x29f/0x320\n relocate_block_group+0x2b8/0x550\n btrfs_relocate_block_group+0x1a6/0x350\n btrfs_relocate_chunk+0x27/0xe0\n btrfs_balance+0x777/0xe60\n balance_kthread+0x35/0x50\n ? btrfs_balance+0xe60/0xe60\n kthread+0x16b/0x190\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nNormally snapshot deletion and relocation are excluded from running at\nthe same time by the fs_info-\u003ecleaner_mutex. However if we had a\npending balance waiting to get the -\u003ecleaner_mutex, and a snapshot\ndeletion was running, and then the box crashed, we would come up in a\nstate where we have a half deleted snapshot.\n\nAgain, in the normal case the snapshot deletion needs to complete before\nrelocation can start, but in this case relocation could very well start\nbefore the snapshot deletion completes, as we simply add the root to the\ndead roots list and wait for the next time the cleaner runs to clean up\nthe snapshot.\n\nFix this by setting a bit on the fs_info if we have any DEAD_ROOT\u0027s that\nhad a pending drop_progress key. If they do then we know we were in the\nmiddle of the drop operation and set a flag on the fs_info. Then\nbalance can wait until this flag is cleared to start up again.\n\nIf there are DEAD_ROOT\u0027s that don\u0027t have a drop_progress set then we\u0027re\nsafe to start balance right away as we\u0027ll be properly protected by the\ncleaner_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48901",
"url": "https://www.suse.com/security/cve/CVE-2022-48901"
},
{
"category": "external",
"summary": "SUSE Bug 1229607 for CVE-2022-48901",
"url": "https://bugzilla.suse.com/1229607"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48901"
},
{
"cve": "CVE-2022-48905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: free reset-work-item when flushing\n\nFix a tiny memory leak when flushing the reset work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48905",
"url": "https://www.suse.com/security/cve/CVE-2022-48905"
},
{
"category": "external",
"summary": "SUSE Bug 1229604 for CVE-2022-48905",
"url": "https://bugzilla.suse.com/1229604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48905"
},
{
"cve": "CVE-2022-48912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: fix use-after-free in __nf_register_net_hook()\n\nWe must not dereference @new_hooks after nf_hook_mutex has been released,\nbecause other threads might have freed our allocated hooks already.\n\nBUG: KASAN: use-after-free in nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]\nBUG: KASAN: use-after-free in hooks_validate net/netfilter/core.c:171 [inline]\nBUG: KASAN: use-after-free in __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438\nRead of size 2 at addr ffff88801c1a8000 by task syz-executor237/4430\n\nCPU: 1 PID: 4430 Comm: syz-executor237 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]\n hooks_validate net/netfilter/core.c:171 [inline]\n __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438\n nf_register_net_hook+0x114/0x170 net/netfilter/core.c:571\n nf_register_net_hooks+0x59/0xc0 net/netfilter/core.c:587\n nf_synproxy_ipv6_init+0x85/0xe0 net/netfilter/nf_synproxy_core.c:1218\n synproxy_tg6_check+0x30d/0x560 net/ipv6/netfilter/ip6t_SYNPROXY.c:81\n xt_check_target+0x26c/0x9e0 net/netfilter/x_tables.c:1038\n check_target net/ipv6/netfilter/ip6_tables.c:530 [inline]\n find_check_entry.constprop.0+0x7f1/0x9e0 net/ipv6/netfilter/ip6_tables.c:573\n translate_table+0xc8b/0x1750 net/ipv6/netfilter/ip6_tables.c:735\n do_replace net/ipv6/netfilter/ip6_tables.c:1153 [inline]\n do_ip6t_set_ctl+0x56e/0xb90 net/ipv6/netfilter/ip6_tables.c:1639\n nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101\n ipv6_setsockopt+0x122/0x180 net/ipv6/ipv6_sockglue.c:1024\n rawv6_setsockopt+0xd3/0x6a0 net/ipv6/raw.c:1084\n __sys_setsockopt+0x2db/0x610 net/socket.c:2180\n __do_sys_setsockopt net/socket.c:2191 [inline]\n __se_sys_setsockopt net/socket.c:2188 [inline]\n __x64_sys_setsockopt+0xba/0x150 net/socket.c:2188\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f65a1ace7d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f65a1a7f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f65a1ace7d9\nRDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003\nRBP: 00007f65a1b574c8 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000000 R11: 0000000000000246 R12: 00007f65a1b55130\nR13: 00007f65a1b574c0 R14: 00007f65a1b24090 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the page:\npage:ffffea0000706a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c1a8\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001c1b108 ffffea000046dd08 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 4430, ts 1061781545818, free_ts 1061791488993\n prep_new_page mm/page_alloc.c:2434 [inline]\n get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165\n __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389\n __alloc_pages_node include/linux/gfp.h:572 [inline]\n alloc_pages_node include/linux/gfp.h:595 [inline]\n kmalloc_large_node+0x62/0x130 mm/slub.c:4438\n __kmalloc_node+0x35a/0x4a0 mm/slub.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48912",
"url": "https://www.suse.com/security/cve/CVE-2022-48912"
},
{
"category": "external",
"summary": "SUSE Bug 1229641 for CVE-2022-48912",
"url": "https://bugzilla.suse.com/1229641"
},
{
"category": "external",
"summary": "SUSE Bug 1229644 for CVE-2022-48912",
"url": "https://bugzilla.suse.com/1229644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2022-48912"
},
{
"cve": "CVE-2022-48917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48917"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48917",
"url": "https://www.suse.com/security/cve/CVE-2022-48917"
},
{
"category": "external",
"summary": "SUSE Bug 1229637 for CVE-2022-48917",
"url": "https://bugzilla.suse.com/1229637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48917"
},
{
"cve": "CVE-2022-48919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix double free race when mount fails in cifs_get_root()\n\nWhen cifs_get_root() fails during cifs_smb3_do_mount() we call\ndeactivate_locked_super() which eventually will call delayed_free() which\nwill free the context.\nIn this situation we should not proceed to enter the out: section in\ncifs_smb3_do_mount() and free the same resources a second time.\n\n[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0\n\n[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4\n[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019\n[Thu Feb 10 12:59:06 2022] Call Trace:\n[Thu Feb 10 12:59:06 2022] \u003cIRQ\u003e\n[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78\n[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0\n[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0\n[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0\n[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20\n[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140\n[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10\n[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b\n[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150\n[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30\n[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0\n...\n[Thu Feb 10 12:59:07 2022] Freed by task 58179:\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\n[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30\n[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40\n[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170\n[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20\n[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0\n[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs]\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thu Feb 10 12:59:07 2022] Last potentially related work creation:\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\n[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0\n[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10\n[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0\n[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs]\n[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs]\n[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs]\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48919",
"url": "https://www.suse.com/security/cve/CVE-2022-48919"
},
{
"category": "external",
"summary": "SUSE Bug 1229657 for CVE-2022-48919",
"url": "https://bugzilla.suse.com/1229657"
},
{
"category": "external",
"summary": "SUSE Bug 1229660 for CVE-2022-48919",
"url": "https://bugzilla.suse.com/1229660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48919"
},
{
"cve": "CVE-2022-48925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Do not change route.addr.src_addr outside state checks\n\nIf the state is not idle then resolve_prepare_src() should immediately\nfail and no change to global state should happen. However, it\nunconditionally overwrites the src_addr trying to build a temporary any\naddress.\n\nFor instance if the state is already RDMA_CM_LISTEN then this will corrupt\nthe src_addr and would cause the test in cma_cancel_operation():\n\n if (cma_any_addr(cma_src_addr(id_priv)) \u0026\u0026 !id_priv-\u003ecma_dev)\n\nWhich would manifest as this trace from syzkaller:\n\n BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26\n Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204\n\n CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n Call Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x141/0x1d7 lib/dump_stack.c:120\n print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232\n __kasan_report mm/kasan/report.c:399 [inline]\n kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416\n __list_add_valid+0x93/0xa0 lib/list_debug.c:26\n __list_add include/linux/list.h:67 [inline]\n list_add_tail include/linux/list.h:100 [inline]\n cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline]\n rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751\n ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102\n ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x28e/0xa30 fs/read_write.c:603\n ksys_write+0x1ee/0x250 fs/read_write.c:658\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis is indicating that an rdma_id_private was destroyed without doing\ncma_cancel_listens().\n\nInstead of trying to re-use the src_addr memory to indirectly create an\nany address derived from the dst build one explicitly on the stack and\nbind to that as any other normal flow would do. rdma_bind_addr() will copy\nit over the src_addr once it knows the state is valid.\n\nThis is similar to commit bc0bdc5afaa7 (\"RDMA/cma: Do not change\nroute.addr.src_addr.ss_family\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48925",
"url": "https://www.suse.com/security/cve/CVE-2022-48925"
},
{
"category": "external",
"summary": "SUSE Bug 1229630 for CVE-2022-48925",
"url": "https://bugzilla.suse.com/1229630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48925"
},
{
"cve": "CVE-2022-48926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: rndis: add spinlock for rndis response list\n\nThere\u0027s no lock for rndis response list. It could cause list corruption\nif there\u0027re two different list_add at the same time like below.\nIt\u0027s better to add in rndis_add_response / rndis_free_response\n/ rndis_get_next_response to prevent any race condition on response list.\n\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\nnext-\u003eprev should be prev (ffffff80651764d0),\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\n\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48926",
"url": "https://www.suse.com/security/cve/CVE-2022-48926"
},
{
"category": "external",
"summary": "SUSE Bug 1229629 for CVE-2022-48926",
"url": "https://bugzilla.suse.com/1229629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48926"
},
{
"cve": "CVE-2022-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: men_z188_adc: Fix a resource leak in an error handling path\n\nIf iio_device_register() fails, a previous ioremap() is left unbalanced.\n\nUpdate the error handling path and add the missing iounmap() call, as\nalready done in the remove function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48928",
"url": "https://www.suse.com/security/cve/CVE-2022-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1229626 for CVE-2022-48928",
"url": "https://bugzilla.suse.com/1229626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48928"
},
{
"cve": "CVE-2022-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ib_srp: Fix a deadlock\n\nRemove the flush_workqueue(system_long_wq) call since flushing\nsystem_long_wq is deadlock-prone and since that call is redundant with a\npreceding cancel_work_sync()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48930",
"url": "https://www.suse.com/security/cve/CVE-2022-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1229624 for CVE-2022-48930",
"url": "https://bugzilla.suse.com/1229624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48930"
},
{
"cve": "CVE-2022-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memory leak during stateful obj update\n\nstateful objects can be updated from the control plane.\nThe transaction logic allocates a temporary object for this purpose.\n\nThe -\u003einit function was called for this object, so plain kfree() leaks\nresources. We must call -\u003edestroy function of the object.\n\nnft_obj_destroy does this, but it also decrements the module refcount,\nbut the update path doesn\u0027t increment it.\n\nTo avoid special-casing the update object release, do module_get for\nthe update case too and release it via nft_obj_destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48933",
"url": "https://www.suse.com/security/cve/CVE-2022-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1229621 for CVE-2022-48933",
"url": "https://bugzilla.suse.com/1229621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48933"
},
{
"cve": "CVE-2022-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()\n\nida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)\ninclusive.\nSo NFP_MAX_MAC_INDEX (0xff) is a valid id.\n\nIn order for the error handling path to work correctly, the \u0027invalid\u0027\nvalue for \u0027ida_idx\u0027 should not be in the 0..NFP_MAX_MAC_INDEX range,\ninclusive.\n\nSo set it to -1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48934",
"url": "https://www.suse.com/security/cve/CVE-2022-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1229620 for CVE-2022-48934",
"url": "https://bugzilla.suse.com/1229620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2022-48934"
},
{
"cve": "CVE-2023-52854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix refcnt handling in padata_free_shell()\n\nIn a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead\nto system UAF (Use-After-Free) issues. Due to the lengthy analysis of\nthe pcrypt_aead01 function call, I\u0027ll describe the problem scenario\nusing a simplified model:\n\nSuppose there\u0027s a user of padata named `user_function` that adheres to\nthe padata requirement of calling `padata_free_shell` after `serial()`\nhas been invoked, as demonstrated in the following code:\n\n```c\nstruct request {\n struct padata_priv padata;\n struct completion *done;\n};\n\nvoid parallel(struct padata_priv *padata) {\n do_something();\n}\n\nvoid serial(struct padata_priv *padata) {\n struct request *request = container_of(padata,\n \t\t\t\tstruct request,\n\t\t\t\tpadata);\n complete(request-\u003edone);\n}\n\nvoid user_function() {\n DECLARE_COMPLETION(done)\n padata-\u003eparallel = parallel;\n padata-\u003eserial = serial;\n padata_do_parallel();\n wait_for_completion(\u0026done);\n padata_free_shell();\n}\n```\n\nIn the corresponding padata.c file, there\u0027s the following code:\n\n```c\nstatic void padata_serial_worker(struct work_struct *serial_work) {\n ...\n cnt = 0;\n\n while (!list_empty(\u0026local_list)) {\n ...\n padata-\u003eserial(padata);\n cnt++;\n }\n\n local_bh_enable();\n\n if (refcount_sub_and_test(cnt, \u0026pd-\u003erefcnt))\n padata_free_pd(pd);\n}\n```\n\nBecause of the high system load and the accumulation of unexecuted\nsoftirq at this moment, `local_bh_enable()` in padata takes longer\nto execute than usual. Subsequently, when accessing `pd-\u003erefcnt`,\n`pd` has already been released by `padata_free_shell()`, resulting\nin a UAF issue with `pd-\u003erefcnt`.\n\nThe fix is straightforward: add `refcount_dec_and_test` before calling\n`padata_free_pd` in `padata_free_shell`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52854",
"url": "https://www.suse.com/security/cve/CVE-2023-52854"
},
{
"category": "external",
"summary": "SUSE Bug 1225584 for CVE-2023-52854",
"url": "https://bugzilla.suse.com/1225584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2023-52854"
},
{
"cve": "CVE-2024-40910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount imbalance on inbound connections\n\nWhen releasing a socket in ax25_release(), we call netdev_put() to\ndecrease the refcount on the associated ax.25 device. However, the\nexecution path for accepting an incoming connection never calls\nnetdev_hold(). This imbalance leads to refcount errors, and ultimately\nto kernel crashes.\n\nA typical call trace for the above situation will start with one of the\nfollowing errors:\n\n refcount_t: decrement hit 0; leaking memory.\n refcount_t: underflow; use-after-free.\n\nAnd will then have a trace like:\n\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x64/0x70\n ? __warn+0x83/0x120\n ? refcount_warn_saturate+0xb2/0x100\n ? report_bug+0x158/0x190\n ? prb_read_valid+0x20/0x30\n ? handle_bug+0x3e/0x70\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? refcount_warn_saturate+0xb2/0x100\n ? refcount_warn_saturate+0xb2/0x100\n ax25_release+0x2ad/0x360\n __sock_release+0x35/0xa0\n sock_close+0x19/0x20\n [...]\n\nOn reboot (or any attempt to remove the interface), the kernel gets\nstuck in an infinite loop:\n\n unregister_netdevice: waiting for ax0 to become free. Usage count = 0\n\nThis patch corrects these issues by ensuring that we call netdev_hold()\nand ax25_dev_hold() for new connections in ax25_accept(). This makes the\nlogic leading to ax25_accept() match the logic for ax25_bind(): in both\ncases we increment the refcount, which is ultimately decremented in\nax25_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40910",
"url": "https://www.suse.com/security/cve/CVE-2024-40910"
},
{
"category": "external",
"summary": "SUSE Bug 1227832 for CVE-2024-40910",
"url": "https://bugzilla.suse.com/1227832"
},
{
"category": "external",
"summary": "SUSE Bug 1227902 for CVE-2024-40910",
"url": "https://bugzilla.suse.com/1227902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-40910"
},
{
"cve": "CVE-2024-41009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41009",
"url": "https://www.suse.com/security/cve/CVE-2024-41009"
},
{
"category": "external",
"summary": "SUSE Bug 1228020 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "external",
"summary": "SUSE Bug 1245988 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1245988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-41009"
},
{
"cve": "CVE-2024-41062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n CPU0 CPU1\n ---- ----\n sock_close hci_rx_work\n\t l2cap_sock_release hci_acldata_packet\n\t l2cap_sock_kill l2cap_recv_frame\n\t sk_free l2cap_conless_channel\n\t l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41062",
"url": "https://www.suse.com/security/cve/CVE-2024-41062"
},
{
"category": "external",
"summary": "SUSE Bug 1228576 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "external",
"summary": "SUSE Bug 1228578 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-41062"
},
{
"cve": "CVE-2024-41087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41087",
"url": "https://www.suse.com/security/cve/CVE-2024-41087"
},
{
"category": "external",
"summary": "SUSE Bug 1228466 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "external",
"summary": "SUSE Bug 1228740 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-41087"
},
{
"cve": "CVE-2024-42077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits(). This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases. For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents. Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) \u003c= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error. This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx TASK: xxxx CPU: 5 COMMAND: \"SubmitThread-CA\"\n #0 machine_kexec at ffffffff8c069932\n #1 __crash_kexec at ffffffff8c1338fa\n #2 panic at ffffffff8c1d69b9\n #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42077",
"url": "https://www.suse.com/security/cve/CVE-2024-42077"
},
{
"category": "external",
"summary": "SUSE Bug 1228516 for CVE-2024-42077",
"url": "https://bugzilla.suse.com/1228516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-42077"
},
{
"cve": "CVE-2024-42232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting(). Both of\nthese can requeue the delayed work which wouldn\u0027t be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn\u0027t mess with the delayed work in order\nto avoid interfering with the hunting interval logic. This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n it\u0027s done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42232",
"url": "https://www.suse.com/security/cve/CVE-2024-42232"
},
{
"category": "external",
"summary": "SUSE Bug 1228959 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "external",
"summary": "SUSE Bug 1229458 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1229458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-42232"
},
{
"cve": "CVE-2024-42271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv-\u003epath is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([\u003c0000001e87f03880\u003e] 0x1e87f03880)\n[452744.123966] [\u003c00000000d593001e\u003e] iucv_path_sever+0x96/0x138\n[452744.124330] [\u003c000003ff801ddbca\u003e] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [\u003c000003ff801e01b6\u003e] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [\u003c000003ff801e08cc\u003e] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [\u003c00000000d574794e\u003e] __sock_release+0x5e/0xe8\n[452744.124815] [\u003c00000000d5747a0c\u003e] sock_close+0x34/0x48\n[452744.124820] [\u003c00000000d5421642\u003e] __fput+0xba/0x268\n[452744.124826] [\u003c00000000d51b382c\u003e] task_work_run+0xbc/0xf0\n[452744.124832] [\u003c00000000d5145710\u003e] do_notify_resume+0x88/0x90\n[452744.124841] [\u003c00000000d5978096\u003e] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [\u003c00000000d5930018\u003e] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42271",
"url": "https://www.suse.com/security/cve/CVE-2024-42271"
},
{
"category": "external",
"summary": "SUSE Bug 1229400 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "external",
"summary": "SUSE Bug 1229401 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-42271"
},
{
"cve": "CVE-2024-43861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43861",
"url": "https://www.suse.com/security/cve/CVE-2024-43861"
},
{
"category": "external",
"summary": "SUSE Bug 1229500 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "external",
"summary": "SUSE Bug 1229553 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-43861"
},
{
"cve": "CVE-2024-43882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\u0027s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug 7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug 7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43882",
"url": "https://www.suse.com/security/cve/CVE-2024-43882"
},
{
"category": "external",
"summary": "SUSE Bug 1229503 for CVE-2024-43882",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "external",
"summary": "SUSE Bug 1229504 for CVE-2024-43882",
"url": "https://bugzilla.suse.com/1229504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "important"
}
],
"title": "CVE-2024-43882"
},
{
"cve": "CVE-2024-43883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43883",
"url": "https://www.suse.com/security/cve/CVE-2024-43883"
},
{
"category": "external",
"summary": "SUSE Bug 1229707 for CVE-2024-43883",
"url": "https://bugzilla.suse.com/1229707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-43883"
},
{
"cve": "CVE-2024-44947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44947",
"url": "https://www.suse.com/security/cve/CVE-2024-44947"
},
{
"category": "external",
"summary": "SUSE Bug 1229456 for CVE-2024-44947",
"url": "https://bugzilla.suse.com/1229456"
},
{
"category": "external",
"summary": "SUSE Bug 1230098 for CVE-2024-44947",
"url": "https://bugzilla.suse.com/1230098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.181.2.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.181.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.181.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-12T12:12:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-44947"
}
]
}
SUSE-SU-2024:3190-1
Vulnerability from csaf_suse - Published: 2024-09-10 08:46 - Updated: 2024-09-10 08:46Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-26677: Blacklist e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).
- ACPI: bus: Rework system-level device notification handling (git-fixes).
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).
- afs: Do not cross .backup mountpoint from backup volume (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- ceph: issue a cap release immediately if no cap exists (bsc#1225162).
- ceph: periodically flush the cap releases (bsc#1225162).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: Fix && vs || typos (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- exfat: fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).
- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229453).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).
- genirq: Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy (git-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).
- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- powerpc: Mark .opd section read-only (bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- RDMA/rxe: Handle zero length rdma (git-fixes)
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
Patchnames
SUSE-2024-3190,SUSE-SLE-Module-Public-Cloud-15-SP5-2024-3190,openSUSE-SLE-15.5-2024-3190
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).\n- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).\n- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).\n- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).\n- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).\n- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).\n- CVE-2023-52489: Fix race in accessing memory_section-\u003eusage (bsc#1221326).\n- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).\n- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).\n- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).\n- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).\n- CVE-2024-44939: fix null ptr deref in dtInsertEntry (bsc#1229820).\n- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).\n- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).\n- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).\n- CVE-2024-43904: Add null checks for \u0027stream\u0027 and \u0027plane\u0027 before dereferencing (bsc#1229768)\n- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).\n- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)\n- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).\n- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).\n- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).\n- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)\n- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).\n- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).\n- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)\n- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).\n- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)\n- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).\n- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).\n- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).\n- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).\n- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).\n- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)\n- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)\n- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)\n- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)\n- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).\n- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)\n- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).\n- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).\n- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).\n- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).\n- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).\n- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).\n- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).\n- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).\n- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).\n- CVE-2024-27016: Validate pppoe header (bsc#1223807).\n- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).\n- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).\n- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).\n- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).\n- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).\n- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).\n- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)\n- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)\n- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)\n- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).\n- CVE-2024-26677: Blacklist e7870cf13d20 (\u0027rxrpc: Fix delayed ACKs to not set the reference serial number\u0027) (bsc#1222387)\n- CVE-2024-36009: Blacklist 467324bcfe1a (\u0027ax25: Fix netdev refcount issue\u0027) (bsc#1224542)\n- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).\n- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)\n- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)\n- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)\n- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)\n- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)\n- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)\n- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).\n- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).\n- CVE-2024-26669: Fix chain template offload (bsc#1222350).\n- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).\n- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).\n- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).\n- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).\n- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).\n- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).\n- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).\n- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).\n- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).\n- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).\n- CVE-2024-43839: Adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures (bsc#1229301).\n- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).\n- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).\n- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)\n- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).\n- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).\n- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)\n- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).\n- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).\n- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).\n- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).\n- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).\n- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).\n- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).\n- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).\n- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).\n- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).\n- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).\n- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).\n- CVE-2024-42139: Fix improper extts handling (bsc#1228503).\n- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).\n- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).\n- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).\n- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).\n- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).\n- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).\n- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).\n- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).\n- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).\n- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).\n- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).\n- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).\n- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).\n\nThe following non-security bugs were fixed:\n\n- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).\n- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).\n- ACPI: bus: Rework system-level device notification handling (git-fixes).\n- ACPI: thermal: Drop nocrt parameter (git-fixes).\n- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).\n- afs: Do not cross .backup mountpoint from backup volume (git-fixes).\n- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).\n- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).\n- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).\n- ALSA: line6: Fix racy access to midibuf (stable-fixes).\n- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).\n- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).\n- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).\n- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).\n- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).\n- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)\n- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)\n- arm64: Add Neoverse-V2 part (git-fixes)\n- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)\n- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)\n- arm64: barrier: Restore spec_bar() macro (git-fixes)\n- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)\n- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)\n- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)\n- arm64: cputype: Add Cortex-A720 definitions (git-fixes)\n- arm64: cputype: Add Cortex-A725 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X1C definitions (git-fixes)\n- arm64: cputype: Add Cortex-X3 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X4 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X925 definitions (git-fixes)\n- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)\n- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)\n- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)\n- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)\n- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)\n- arm64: errata: Expand speculative SSBS workaround (git-fixes)\n- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.\n- arm64: Fix KASAN random tag seed initialization (git-fixes)\n- arm64: Fix KASAN random tag seed initialization (git-fixes)\n- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).\n- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).\n- async: Introduce async_schedule_dev_nocall() (bsc#1221269).\n- async: Split async_schedule_node_domain() (bsc#1221269).\n- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).\n- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).\n- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).\n- Bluetooth: L2CAP: Fix deadlock (git-fixes).\n- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).\n- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).\n- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).\n- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).\n- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).\n- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).\n- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).\n- ceph: issue a cap release immediately if no cap exists (bsc#1225162).\n- ceph: periodically flush the cap releases (bsc#1225162).\n- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).\n- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).\n- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).\n- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).\n- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).\n- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).\n- drm/amd/display: Add NULL check for \u0027afb\u0027 before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).\n- drm/amd/display: avoid using null object of framebuffer (git-fixes).\n- drm/amd/display: Fix \u0026\u0026 vs || typos (git-fixes).\n- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).\n- drm/amd/display: Validate hw_points_num before using it (stable-fixes).\n- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).\n- drm/amdgpu: Actually check flags for all context ops (stable-fixes).\n- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).\n- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).\n- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).\n- drm/amdgpu: Validate TA binary size (stable-fixes).\n- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).\n- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).\n- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).\n- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).\n- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).\n- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).\n- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).\n- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).\n- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).\n- drm/msm/dp: reset the link phy params before link training (git-fixes).\n- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).\n- drm/msm/dpu: do not play tricks with debug macros (git-fixes).\n- drm/tegra: Zero-initialize iosys_map (stable-fixes).\n- exfat: fix inode-\u003ei_blocks for non-512 byte sector size device (git-fixes).\n- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).\n- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).\n- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).\n- fs/netfs/fscache_cookie: add missing \u0027n_accesses\u0027 check (bsc#1229453).\n- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).\n- genirq: Add might_sleep() to disable_irq() (git-fixes).\n- genirq: Always limit the affinity to online CPUs (git-fixes).\n- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).\n- genirq: Take the proposed affinity at face value if force==true (git-fixes).\n- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).\n- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).\n- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).\n- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).\n- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).\n- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).\n- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).\n- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).\n- i2c: smbus: Improve handling of stuck alerts (git-fixes).\n- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).\n- iommu/amd: Convert comma to semicolon (git-fixes).\n- ip6_tunnel: Fix broken GRO (bsc#1229444).\n- ipv6: sr: fix incorrect unregister order (git-fixes).\n- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).\n- irqdomain: Fix association race (git-fixes).\n- irqdomain: Fix disassociation race (git-fixes).\n- irqdomain: Fix domain registration race (git-fixes).\n- irqdomain: Fix mapping-creation race (git-fixes).\n- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).\n- irqdomain: Look for existing mapping only once (git-fixes).\n- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).\n- irqdomain: Report irq number for NOMAP domains (git-fixes).\n- kprobes: Fix to check symbol prefixes correctly (git-fixes).\n- lockd: move from strlcpy with unused retval to strscpy (git-fixes).\n- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).\n- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).\n- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).\n- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).\n- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).\n- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).\n- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).\n- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).\n- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).\n- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).\n- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).\n- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).\n- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).\n- net: remove two BUG() from skb_checksum_help() (bsc#1229312).\n- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).\n- net/rds: fix possible cp null dereference (git-fixes).\n- net/sched: initialize noop_qdisc owner (git-fixes).\n- nfc: pn533: Add poll mod list filling check (git-fixes).\n- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).\n- nfs: make the rpc_stat per net namespace (git-fixes).\n- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).\n- NFSD: add security label to struct nfsd_attrs (git-fixes).\n- NFSD: fix regression with setting ACLs (git-fixes).\n- NFSD: Fix strncpy() fortify warning (git-fixes).\n- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).\n- NFSD: introduce struct nfsd_attrs (git-fixes).\n- NFSD: move from strlcpy with unused retval to strscpy (git-fixes).\n- NFSD: Optimize DRC bucket pruning (git-fixes).\n- nfsd: return error if nfs4_setacl fails (git-fixes).\n- NFSD: set attributes when creating symlinks (git-fixes).\n- nfsd: use locks_inode_context helper (git-fixes).\n- nilfs2: Remove check for PageError (git-fixes).\n- nvme_core: scan namespaces asynchronously (bsc#1224105).\n- ocfs2: use coarse time for new created files (git-fixes).\n- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).\n- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).\n- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).\n- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).\n- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).\n- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).\n- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).\n- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).\n- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).\n- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).\n- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).\n- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).\n- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).\n- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).\n- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).\n- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).\n- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).\n- powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869).\n- powerpc: Mark .opd section read-only (bsc#1194869).\n- powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).\n- powerpc: xor_vmx: Add \u0027-mhard-float\u0027 to CFLAGS (bsc#1194869).\n- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).\n- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).\n- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).\n- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).\n- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).\n- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).\n- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).\n- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).\n- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).\n- powerpc/xmon: Check cpu id in commands \u0027c#\u0027, \u0027dp#\u0027 and \u0027dx#\u0027 (bsc#1194869).\n- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).\n- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)\n- RDMA/rxe: Fix rxe_modify_srq (git-fixes)\n- RDMA/rxe: Move work queue code to subroutines (git-fixes)\n- s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187).\n- s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079).\n- s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187).\n- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).\n- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).\n- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572).\n- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).\n- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).\n- RDMA/rxe: Handle zero length rdma (git-fixes)\n- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).\n- SUNRPC: Fix a race to wake a sync task (git-fixes).\n- swiotlb: fix swiotlb_bounce() to do partial sync\u0027s correctly (git-fixes).\n- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).\n- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).\n- ubifs: add check for crypto_shash_tfm_digest (git-fixes).\n- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).\n- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).\n- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).\n- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).\n- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).\n- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).\n- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).\n- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).\n- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).\n- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).\n- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).\n- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).\n- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).\n- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).\n- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).\n- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3190,SUSE-SLE-Module-Public-Cloud-15-SP5-2024-3190,openSUSE-SLE-15.5-2024-3190",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3190-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3190-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243190-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3190-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html"
},
{
"category": "self",
"summary": "SUSE Bug 1193629",
"url": "https://bugzilla.suse.com/1193629"
},
{
"category": "self",
"summary": "SUSE Bug 1194111",
"url": "https://bugzilla.suse.com/1194111"
},
{
"category": "self",
"summary": "SUSE Bug 1194765",
"url": "https://bugzilla.suse.com/1194765"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1196261",
"url": "https://bugzilla.suse.com/1196261"
},
{
"category": "self",
"summary": "SUSE Bug 1196516",
"url": "https://bugzilla.suse.com/1196516"
},
{
"category": "self",
"summary": "SUSE Bug 1196894",
"url": "https://bugzilla.suse.com/1196894"
},
{
"category": "self",
"summary": "SUSE Bug 1198017",
"url": "https://bugzilla.suse.com/1198017"
},
{
"category": "self",
"summary": "SUSE Bug 1203329",
"url": "https://bugzilla.suse.com/1203329"
},
{
"category": "self",
"summary": "SUSE Bug 1203330",
"url": "https://bugzilla.suse.com/1203330"
},
{
"category": "self",
"summary": "SUSE Bug 1203360",
"url": "https://bugzilla.suse.com/1203360"
},
{
"category": "self",
"summary": "SUSE Bug 1205462",
"url": "https://bugzilla.suse.com/1205462"
},
{
"category": "self",
"summary": "SUSE Bug 1206006",
"url": "https://bugzilla.suse.com/1206006"
},
{
"category": "self",
"summary": "SUSE Bug 1206258",
"url": "https://bugzilla.suse.com/1206258"
},
{
"category": "self",
"summary": "SUSE Bug 1206843",
"url": "https://bugzilla.suse.com/1206843"
},
{
"category": "self",
"summary": "SUSE Bug 1207158",
"url": "https://bugzilla.suse.com/1207158"
},
{
"category": "self",
"summary": "SUSE Bug 1208783",
"url": "https://bugzilla.suse.com/1208783"
},
{
"category": "self",
"summary": "SUSE Bug 1210644",
"url": "https://bugzilla.suse.com/1210644"
},
{
"category": "self",
"summary": "SUSE Bug 1213580",
"url": "https://bugzilla.suse.com/1213580"
},
{
"category": "self",
"summary": "SUSE Bug 1213632",
"url": "https://bugzilla.suse.com/1213632"
},
{
"category": "self",
"summary": "SUSE Bug 1214285",
"url": "https://bugzilla.suse.com/1214285"
},
{
"category": "self",
"summary": "SUSE Bug 1216834",
"url": "https://bugzilla.suse.com/1216834"
},
{
"category": "self",
"summary": "SUSE Bug 1220428",
"url": "https://bugzilla.suse.com/1220428"
},
{
"category": "self",
"summary": "SUSE Bug 1220877",
"url": "https://bugzilla.suse.com/1220877"
},
{
"category": "self",
"summary": "SUSE Bug 1220962",
"url": "https://bugzilla.suse.com/1220962"
},
{
"category": "self",
"summary": "SUSE Bug 1221269",
"url": "https://bugzilla.suse.com/1221269"
},
{
"category": "self",
"summary": "SUSE Bug 1221326",
"url": "https://bugzilla.suse.com/1221326"
},
{
"category": "self",
"summary": "SUSE Bug 1221630",
"url": "https://bugzilla.suse.com/1221630"
},
{
"category": "self",
"summary": "SUSE Bug 1221645",
"url": "https://bugzilla.suse.com/1221645"
},
{
"category": "self",
"summary": "SUSE Bug 1222335",
"url": "https://bugzilla.suse.com/1222335"
},
{
"category": "self",
"summary": "SUSE Bug 1222350",
"url": "https://bugzilla.suse.com/1222350"
},
{
"category": "self",
"summary": "SUSE Bug 1222372",
"url": "https://bugzilla.suse.com/1222372"
},
{
"category": "self",
"summary": "SUSE Bug 1222387",
"url": "https://bugzilla.suse.com/1222387"
},
{
"category": "self",
"summary": "SUSE Bug 1222634",
"url": "https://bugzilla.suse.com/1222634"
},
{
"category": "self",
"summary": "SUSE Bug 1222808",
"url": "https://bugzilla.suse.com/1222808"
},
{
"category": "self",
"summary": "SUSE Bug 1222967",
"url": "https://bugzilla.suse.com/1222967"
},
{
"category": "self",
"summary": "SUSE Bug 1223074",
"url": "https://bugzilla.suse.com/1223074"
},
{
"category": "self",
"summary": "SUSE Bug 1223191",
"url": "https://bugzilla.suse.com/1223191"
},
{
"category": "self",
"summary": "SUSE Bug 1223508",
"url": "https://bugzilla.suse.com/1223508"
},
{
"category": "self",
"summary": "SUSE Bug 1223720",
"url": "https://bugzilla.suse.com/1223720"
},
{
"category": "self",
"summary": "SUSE Bug 1223742",
"url": "https://bugzilla.suse.com/1223742"
},
{
"category": "self",
"summary": "SUSE Bug 1223777",
"url": "https://bugzilla.suse.com/1223777"
},
{
"category": "self",
"summary": "SUSE Bug 1223803",
"url": "https://bugzilla.suse.com/1223803"
},
{
"category": "self",
"summary": "SUSE Bug 1223807",
"url": "https://bugzilla.suse.com/1223807"
},
{
"category": "self",
"summary": "SUSE Bug 1224105",
"url": "https://bugzilla.suse.com/1224105"
},
{
"category": "self",
"summary": "SUSE Bug 1224415",
"url": "https://bugzilla.suse.com/1224415"
},
{
"category": "self",
"summary": "SUSE Bug 1224496",
"url": "https://bugzilla.suse.com/1224496"
},
{
"category": "self",
"summary": "SUSE Bug 1224510",
"url": "https://bugzilla.suse.com/1224510"
},
{
"category": "self",
"summary": "SUSE Bug 1224542",
"url": "https://bugzilla.suse.com/1224542"
},
{
"category": "self",
"summary": "SUSE Bug 1224578",
"url": "https://bugzilla.suse.com/1224578"
},
{
"category": "self",
"summary": "SUSE Bug 1224639",
"url": "https://bugzilla.suse.com/1224639"
},
{
"category": "self",
"summary": "SUSE Bug 1225162",
"url": "https://bugzilla.suse.com/1225162"
},
{
"category": "self",
"summary": "SUSE Bug 1225352",
"url": "https://bugzilla.suse.com/1225352"
},
{
"category": "self",
"summary": "SUSE Bug 1225428",
"url": "https://bugzilla.suse.com/1225428"
},
{
"category": "self",
"summary": "SUSE Bug 1225524",
"url": "https://bugzilla.suse.com/1225524"
},
{
"category": "self",
"summary": "SUSE Bug 1225578",
"url": "https://bugzilla.suse.com/1225578"
},
{
"category": "self",
"summary": "SUSE Bug 1225582",
"url": "https://bugzilla.suse.com/1225582"
},
{
"category": "self",
"summary": "SUSE Bug 1225773",
"url": "https://bugzilla.suse.com/1225773"
},
{
"category": "self",
"summary": "SUSE Bug 1225814",
"url": "https://bugzilla.suse.com/1225814"
},
{
"category": "self",
"summary": "SUSE Bug 1225827",
"url": "https://bugzilla.suse.com/1225827"
},
{
"category": "self",
"summary": "SUSE Bug 1225832",
"url": "https://bugzilla.suse.com/1225832"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1226168",
"url": "https://bugzilla.suse.com/1226168"
},
{
"category": "self",
"summary": "SUSE Bug 1226530",
"url": "https://bugzilla.suse.com/1226530"
},
{
"category": "self",
"summary": "SUSE Bug 1226613",
"url": "https://bugzilla.suse.com/1226613"
},
{
"category": "self",
"summary": "SUSE Bug 1226742",
"url": "https://bugzilla.suse.com/1226742"
},
{
"category": "self",
"summary": "SUSE Bug 1226765",
"url": "https://bugzilla.suse.com/1226765"
},
{
"category": "self",
"summary": "SUSE Bug 1226798",
"url": "https://bugzilla.suse.com/1226798"
},
{
"category": "self",
"summary": "SUSE Bug 1226801",
"url": "https://bugzilla.suse.com/1226801"
},
{
"category": "self",
"summary": "SUSE Bug 1226874",
"url": "https://bugzilla.suse.com/1226874"
},
{
"category": "self",
"summary": "SUSE Bug 1226885",
"url": "https://bugzilla.suse.com/1226885"
},
{
"category": "self",
"summary": "SUSE Bug 1227079",
"url": "https://bugzilla.suse.com/1227079"
},
{
"category": "self",
"summary": "SUSE Bug 1227623",
"url": "https://bugzilla.suse.com/1227623"
},
{
"category": "self",
"summary": "SUSE Bug 1227761",
"url": "https://bugzilla.suse.com/1227761"
},
{
"category": "self",
"summary": "SUSE Bug 1227830",
"url": "https://bugzilla.suse.com/1227830"
},
{
"category": "self",
"summary": "SUSE Bug 1227863",
"url": "https://bugzilla.suse.com/1227863"
},
{
"category": "self",
"summary": "SUSE Bug 1227867",
"url": "https://bugzilla.suse.com/1227867"
},
{
"category": "self",
"summary": "SUSE Bug 1227929",
"url": "https://bugzilla.suse.com/1227929"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1227958",
"url": "https://bugzilla.suse.com/1227958"
},
{
"category": "self",
"summary": "SUSE Bug 1228020",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "self",
"summary": "SUSE Bug 1228065",
"url": "https://bugzilla.suse.com/1228065"
},
{
"category": "self",
"summary": "SUSE Bug 1228114",
"url": "https://bugzilla.suse.com/1228114"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228426",
"url": "https://bugzilla.suse.com/1228426"
},
{
"category": "self",
"summary": "SUSE Bug 1228427",
"url": "https://bugzilla.suse.com/1228427"
},
{
"category": "self",
"summary": "SUSE Bug 1228429",
"url": "https://bugzilla.suse.com/1228429"
},
{
"category": "self",
"summary": "SUSE Bug 1228446",
"url": "https://bugzilla.suse.com/1228446"
},
{
"category": "self",
"summary": "SUSE Bug 1228447",
"url": "https://bugzilla.suse.com/1228447"
},
{
"category": "self",
"summary": "SUSE Bug 1228449",
"url": "https://bugzilla.suse.com/1228449"
},
{
"category": "self",
"summary": "SUSE Bug 1228450",
"url": "https://bugzilla.suse.com/1228450"
},
{
"category": "self",
"summary": "SUSE Bug 1228452",
"url": "https://bugzilla.suse.com/1228452"
},
{
"category": "self",
"summary": "SUSE Bug 1228456",
"url": "https://bugzilla.suse.com/1228456"
},
{
"category": "self",
"summary": "SUSE Bug 1228463",
"url": "https://bugzilla.suse.com/1228463"
},
{
"category": "self",
"summary": "SUSE Bug 1228466",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "self",
"summary": "SUSE Bug 1228467",
"url": "https://bugzilla.suse.com/1228467"
},
{
"category": "self",
"summary": "SUSE Bug 1228469",
"url": "https://bugzilla.suse.com/1228469"
},
{
"category": "self",
"summary": "SUSE Bug 1228480",
"url": "https://bugzilla.suse.com/1228480"
},
{
"category": "self",
"summary": "SUSE Bug 1228481",
"url": "https://bugzilla.suse.com/1228481"
},
{
"category": "self",
"summary": "SUSE Bug 1228482",
"url": "https://bugzilla.suse.com/1228482"
},
{
"category": "self",
"summary": "SUSE Bug 1228483",
"url": "https://bugzilla.suse.com/1228483"
},
{
"category": "self",
"summary": "SUSE Bug 1228484",
"url": "https://bugzilla.suse.com/1228484"
},
{
"category": "self",
"summary": "SUSE Bug 1228485",
"url": "https://bugzilla.suse.com/1228485"
},
{
"category": "self",
"summary": "SUSE Bug 1228487",
"url": "https://bugzilla.suse.com/1228487"
},
{
"category": "self",
"summary": "SUSE Bug 1228489",
"url": "https://bugzilla.suse.com/1228489"
},
{
"category": "self",
"summary": "SUSE Bug 1228491",
"url": "https://bugzilla.suse.com/1228491"
},
{
"category": "self",
"summary": "SUSE Bug 1228493",
"url": "https://bugzilla.suse.com/1228493"
},
{
"category": "self",
"summary": "SUSE Bug 1228494",
"url": "https://bugzilla.suse.com/1228494"
},
{
"category": "self",
"summary": "SUSE Bug 1228495",
"url": "https://bugzilla.suse.com/1228495"
},
{
"category": "self",
"summary": "SUSE Bug 1228496",
"url": "https://bugzilla.suse.com/1228496"
},
{
"category": "self",
"summary": "SUSE Bug 1228501",
"url": "https://bugzilla.suse.com/1228501"
},
{
"category": "self",
"summary": "SUSE Bug 1228503",
"url": "https://bugzilla.suse.com/1228503"
},
{
"category": "self",
"summary": "SUSE Bug 1228509",
"url": "https://bugzilla.suse.com/1228509"
},
{
"category": "self",
"summary": "SUSE Bug 1228513",
"url": "https://bugzilla.suse.com/1228513"
},
{
"category": "self",
"summary": "SUSE Bug 1228515",
"url": "https://bugzilla.suse.com/1228515"
},
{
"category": "self",
"summary": "SUSE Bug 1228516",
"url": "https://bugzilla.suse.com/1228516"
},
{
"category": "self",
"summary": "SUSE Bug 1228526",
"url": "https://bugzilla.suse.com/1228526"
},
{
"category": "self",
"summary": "SUSE Bug 1228531",
"url": "https://bugzilla.suse.com/1228531"
},
{
"category": "self",
"summary": "SUSE Bug 1228563",
"url": "https://bugzilla.suse.com/1228563"
},
{
"category": "self",
"summary": "SUSE Bug 1228564",
"url": "https://bugzilla.suse.com/1228564"
},
{
"category": "self",
"summary": "SUSE Bug 1228567",
"url": "https://bugzilla.suse.com/1228567"
},
{
"category": "self",
"summary": "SUSE Bug 1228576",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "self",
"summary": "SUSE Bug 1228579",
"url": "https://bugzilla.suse.com/1228579"
},
{
"category": "self",
"summary": "SUSE Bug 1228584",
"url": "https://bugzilla.suse.com/1228584"
},
{
"category": "self",
"summary": "SUSE Bug 1228588",
"url": "https://bugzilla.suse.com/1228588"
},
{
"category": "self",
"summary": "SUSE Bug 1228590",
"url": "https://bugzilla.suse.com/1228590"
},
{
"category": "self",
"summary": "SUSE Bug 1228615",
"url": "https://bugzilla.suse.com/1228615"
},
{
"category": "self",
"summary": "SUSE Bug 1228616",
"url": "https://bugzilla.suse.com/1228616"
},
{
"category": "self",
"summary": "SUSE Bug 1228635",
"url": "https://bugzilla.suse.com/1228635"
},
{
"category": "self",
"summary": "SUSE Bug 1228636",
"url": "https://bugzilla.suse.com/1228636"
},
{
"category": "self",
"summary": "SUSE Bug 1228654",
"url": "https://bugzilla.suse.com/1228654"
},
{
"category": "self",
"summary": "SUSE Bug 1228656",
"url": "https://bugzilla.suse.com/1228656"
},
{
"category": "self",
"summary": "SUSE Bug 1228658",
"url": "https://bugzilla.suse.com/1228658"
},
{
"category": "self",
"summary": "SUSE Bug 1228660",
"url": "https://bugzilla.suse.com/1228660"
},
{
"category": "self",
"summary": "SUSE Bug 1228662",
"url": "https://bugzilla.suse.com/1228662"
},
{
"category": "self",
"summary": "SUSE Bug 1228667",
"url": "https://bugzilla.suse.com/1228667"
},
{
"category": "self",
"summary": "SUSE Bug 1228673",
"url": "https://bugzilla.suse.com/1228673"
},
{
"category": "self",
"summary": "SUSE Bug 1228677",
"url": "https://bugzilla.suse.com/1228677"
},
{
"category": "self",
"summary": "SUSE Bug 1228687",
"url": "https://bugzilla.suse.com/1228687"
},
{
"category": "self",
"summary": "SUSE Bug 1228706",
"url": "https://bugzilla.suse.com/1228706"
},
{
"category": "self",
"summary": "SUSE Bug 1228708",
"url": "https://bugzilla.suse.com/1228708"
},
{
"category": "self",
"summary": "SUSE Bug 1228710",
"url": "https://bugzilla.suse.com/1228710"
},
{
"category": "self",
"summary": "SUSE Bug 1228718",
"url": "https://bugzilla.suse.com/1228718"
},
{
"category": "self",
"summary": "SUSE Bug 1228720",
"url": "https://bugzilla.suse.com/1228720"
},
{
"category": "self",
"summary": "SUSE Bug 1228721",
"url": "https://bugzilla.suse.com/1228721"
},
{
"category": "self",
"summary": "SUSE Bug 1228722",
"url": "https://bugzilla.suse.com/1228722"
},
{
"category": "self",
"summary": "SUSE Bug 1228724",
"url": "https://bugzilla.suse.com/1228724"
},
{
"category": "self",
"summary": "SUSE Bug 1228726",
"url": "https://bugzilla.suse.com/1228726"
},
{
"category": "self",
"summary": "SUSE Bug 1228727",
"url": "https://bugzilla.suse.com/1228727"
},
{
"category": "self",
"summary": "SUSE Bug 1228733",
"url": "https://bugzilla.suse.com/1228733"
},
{
"category": "self",
"summary": "SUSE Bug 1228748",
"url": "https://bugzilla.suse.com/1228748"
},
{
"category": "self",
"summary": "SUSE Bug 1228766",
"url": "https://bugzilla.suse.com/1228766"
},
{
"category": "self",
"summary": "SUSE Bug 1228779",
"url": "https://bugzilla.suse.com/1228779"
},
{
"category": "self",
"summary": "SUSE Bug 1228801",
"url": "https://bugzilla.suse.com/1228801"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE Bug 1228857",
"url": "https://bugzilla.suse.com/1228857"
},
{
"category": "self",
"summary": "SUSE Bug 1228959",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "self",
"summary": "SUSE Bug 1228964",
"url": "https://bugzilla.suse.com/1228964"
},
{
"category": "self",
"summary": "SUSE Bug 1228966",
"url": "https://bugzilla.suse.com/1228966"
},
{
"category": "self",
"summary": "SUSE Bug 1228967",
"url": "https://bugzilla.suse.com/1228967"
},
{
"category": "self",
"summary": "SUSE Bug 1228979",
"url": "https://bugzilla.suse.com/1228979"
},
{
"category": "self",
"summary": "SUSE Bug 1228988",
"url": "https://bugzilla.suse.com/1228988"
},
{
"category": "self",
"summary": "SUSE Bug 1228989",
"url": "https://bugzilla.suse.com/1228989"
},
{
"category": "self",
"summary": "SUSE Bug 1228991",
"url": "https://bugzilla.suse.com/1228991"
},
{
"category": "self",
"summary": "SUSE Bug 1228992",
"url": "https://bugzilla.suse.com/1228992"
},
{
"category": "self",
"summary": "SUSE Bug 1229042",
"url": "https://bugzilla.suse.com/1229042"
},
{
"category": "self",
"summary": "SUSE Bug 1229054",
"url": "https://bugzilla.suse.com/1229054"
},
{
"category": "self",
"summary": "SUSE Bug 1229086",
"url": "https://bugzilla.suse.com/1229086"
},
{
"category": "self",
"summary": "SUSE Bug 1229136",
"url": "https://bugzilla.suse.com/1229136"
},
{
"category": "self",
"summary": "SUSE Bug 1229154",
"url": "https://bugzilla.suse.com/1229154"
},
{
"category": "self",
"summary": "SUSE Bug 1229187",
"url": "https://bugzilla.suse.com/1229187"
},
{
"category": "self",
"summary": "SUSE Bug 1229188",
"url": "https://bugzilla.suse.com/1229188"
},
{
"category": "self",
"summary": "SUSE Bug 1229190",
"url": "https://bugzilla.suse.com/1229190"
},
{
"category": "self",
"summary": "SUSE Bug 1229287",
"url": "https://bugzilla.suse.com/1229287"
},
{
"category": "self",
"summary": "SUSE Bug 1229290",
"url": "https://bugzilla.suse.com/1229290"
},
{
"category": "self",
"summary": "SUSE Bug 1229292",
"url": "https://bugzilla.suse.com/1229292"
},
{
"category": "self",
"summary": "SUSE Bug 1229296",
"url": "https://bugzilla.suse.com/1229296"
},
{
"category": "self",
"summary": "SUSE Bug 1229297",
"url": "https://bugzilla.suse.com/1229297"
},
{
"category": "self",
"summary": "SUSE Bug 1229301",
"url": "https://bugzilla.suse.com/1229301"
},
{
"category": "self",
"summary": "SUSE Bug 1229303",
"url": "https://bugzilla.suse.com/1229303"
},
{
"category": "self",
"summary": "SUSE Bug 1229304",
"url": "https://bugzilla.suse.com/1229304"
},
{
"category": "self",
"summary": "SUSE Bug 1229305",
"url": "https://bugzilla.suse.com/1229305"
},
{
"category": "self",
"summary": "SUSE Bug 1229307",
"url": "https://bugzilla.suse.com/1229307"
},
{
"category": "self",
"summary": "SUSE Bug 1229309",
"url": "https://bugzilla.suse.com/1229309"
},
{
"category": "self",
"summary": "SUSE Bug 1229312",
"url": "https://bugzilla.suse.com/1229312"
},
{
"category": "self",
"summary": "SUSE Bug 1229314",
"url": "https://bugzilla.suse.com/1229314"
},
{
"category": "self",
"summary": "SUSE Bug 1229315",
"url": "https://bugzilla.suse.com/1229315"
},
{
"category": "self",
"summary": "SUSE Bug 1229317",
"url": "https://bugzilla.suse.com/1229317"
},
{
"category": "self",
"summary": "SUSE Bug 1229318",
"url": "https://bugzilla.suse.com/1229318"
},
{
"category": "self",
"summary": "SUSE Bug 1229319",
"url": "https://bugzilla.suse.com/1229319"
},
{
"category": "self",
"summary": "SUSE Bug 1229327",
"url": "https://bugzilla.suse.com/1229327"
},
{
"category": "self",
"summary": "SUSE Bug 1229341",
"url": "https://bugzilla.suse.com/1229341"
},
{
"category": "self",
"summary": "SUSE Bug 1229345",
"url": "https://bugzilla.suse.com/1229345"
},
{
"category": "self",
"summary": "SUSE Bug 1229346",
"url": "https://bugzilla.suse.com/1229346"
},
{
"category": "self",
"summary": "SUSE Bug 1229347",
"url": "https://bugzilla.suse.com/1229347"
},
{
"category": "self",
"summary": "SUSE Bug 1229349",
"url": "https://bugzilla.suse.com/1229349"
},
{
"category": "self",
"summary": "SUSE Bug 1229350",
"url": "https://bugzilla.suse.com/1229350"
},
{
"category": "self",
"summary": "SUSE Bug 1229351",
"url": "https://bugzilla.suse.com/1229351"
},
{
"category": "self",
"summary": "SUSE Bug 1229354",
"url": "https://bugzilla.suse.com/1229354"
},
{
"category": "self",
"summary": "SUSE Bug 1229356",
"url": "https://bugzilla.suse.com/1229356"
},
{
"category": "self",
"summary": "SUSE Bug 1229357",
"url": "https://bugzilla.suse.com/1229357"
},
{
"category": "self",
"summary": "SUSE Bug 1229358",
"url": "https://bugzilla.suse.com/1229358"
},
{
"category": "self",
"summary": "SUSE Bug 1229359",
"url": "https://bugzilla.suse.com/1229359"
},
{
"category": "self",
"summary": "SUSE Bug 1229360",
"url": "https://bugzilla.suse.com/1229360"
},
{
"category": "self",
"summary": "SUSE Bug 1229366",
"url": "https://bugzilla.suse.com/1229366"
},
{
"category": "self",
"summary": "SUSE Bug 1229370",
"url": "https://bugzilla.suse.com/1229370"
},
{
"category": "self",
"summary": "SUSE Bug 1229373",
"url": "https://bugzilla.suse.com/1229373"
},
{
"category": "self",
"summary": "SUSE Bug 1229374",
"url": "https://bugzilla.suse.com/1229374"
},
{
"category": "self",
"summary": "SUSE Bug 1229381",
"url": "https://bugzilla.suse.com/1229381"
},
{
"category": "self",
"summary": "SUSE Bug 1229382",
"url": "https://bugzilla.suse.com/1229382"
},
{
"category": "self",
"summary": "SUSE Bug 1229383",
"url": "https://bugzilla.suse.com/1229383"
},
{
"category": "self",
"summary": "SUSE Bug 1229386",
"url": "https://bugzilla.suse.com/1229386"
},
{
"category": "self",
"summary": "SUSE Bug 1229388",
"url": "https://bugzilla.suse.com/1229388"
},
{
"category": "self",
"summary": "SUSE Bug 1229391",
"url": "https://bugzilla.suse.com/1229391"
},
{
"category": "self",
"summary": "SUSE Bug 1229392",
"url": "https://bugzilla.suse.com/1229392"
},
{
"category": "self",
"summary": "SUSE Bug 1229395",
"url": "https://bugzilla.suse.com/1229395"
},
{
"category": "self",
"summary": "SUSE Bug 1229398",
"url": "https://bugzilla.suse.com/1229398"
},
{
"category": "self",
"summary": "SUSE Bug 1229399",
"url": "https://bugzilla.suse.com/1229399"
},
{
"category": "self",
"summary": "SUSE Bug 1229400",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "self",
"summary": "SUSE Bug 1229407",
"url": "https://bugzilla.suse.com/1229407"
},
{
"category": "self",
"summary": "SUSE Bug 1229409",
"url": "https://bugzilla.suse.com/1229409"
},
{
"category": "self",
"summary": "SUSE Bug 1229410",
"url": "https://bugzilla.suse.com/1229410"
},
{
"category": "self",
"summary": "SUSE Bug 1229411",
"url": "https://bugzilla.suse.com/1229411"
},
{
"category": "self",
"summary": "SUSE Bug 1229413",
"url": "https://bugzilla.suse.com/1229413"
},
{
"category": "self",
"summary": "SUSE Bug 1229414",
"url": "https://bugzilla.suse.com/1229414"
},
{
"category": "self",
"summary": "SUSE Bug 1229417",
"url": "https://bugzilla.suse.com/1229417"
},
{
"category": "self",
"summary": "SUSE Bug 1229418",
"url": "https://bugzilla.suse.com/1229418"
},
{
"category": "self",
"summary": "SUSE Bug 1229444",
"url": "https://bugzilla.suse.com/1229444"
},
{
"category": "self",
"summary": "SUSE Bug 1229453",
"url": "https://bugzilla.suse.com/1229453"
},
{
"category": "self",
"summary": "SUSE Bug 1229454",
"url": "https://bugzilla.suse.com/1229454"
},
{
"category": "self",
"summary": "SUSE Bug 1229481",
"url": "https://bugzilla.suse.com/1229481"
},
{
"category": "self",
"summary": "SUSE Bug 1229482",
"url": "https://bugzilla.suse.com/1229482"
},
{
"category": "self",
"summary": "SUSE Bug 1229488",
"url": "https://bugzilla.suse.com/1229488"
},
{
"category": "self",
"summary": "SUSE Bug 1229489",
"url": "https://bugzilla.suse.com/1229489"
},
{
"category": "self",
"summary": "SUSE Bug 1229490",
"url": "https://bugzilla.suse.com/1229490"
},
{
"category": "self",
"summary": "SUSE Bug 1229493",
"url": "https://bugzilla.suse.com/1229493"
},
{
"category": "self",
"summary": "SUSE Bug 1229495",
"url": "https://bugzilla.suse.com/1229495"
},
{
"category": "self",
"summary": "SUSE Bug 1229497",
"url": "https://bugzilla.suse.com/1229497"
},
{
"category": "self",
"summary": "SUSE Bug 1229500",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "self",
"summary": "SUSE Bug 1229503",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "self",
"summary": "SUSE Bug 1229506",
"url": "https://bugzilla.suse.com/1229506"
},
{
"category": "self",
"summary": "SUSE Bug 1229507",
"url": "https://bugzilla.suse.com/1229507"
},
{
"category": "self",
"summary": "SUSE Bug 1229508",
"url": "https://bugzilla.suse.com/1229508"
},
{
"category": "self",
"summary": "SUSE Bug 1229509",
"url": "https://bugzilla.suse.com/1229509"
},
{
"category": "self",
"summary": "SUSE Bug 1229510",
"url": "https://bugzilla.suse.com/1229510"
},
{
"category": "self",
"summary": "SUSE Bug 1229512",
"url": "https://bugzilla.suse.com/1229512"
},
{
"category": "self",
"summary": "SUSE Bug 1229516",
"url": "https://bugzilla.suse.com/1229516"
},
{
"category": "self",
"summary": "SUSE Bug 1229521",
"url": "https://bugzilla.suse.com/1229521"
},
{
"category": "self",
"summary": "SUSE Bug 1229522",
"url": "https://bugzilla.suse.com/1229522"
},
{
"category": "self",
"summary": "SUSE Bug 1229523",
"url": "https://bugzilla.suse.com/1229523"
},
{
"category": "self",
"summary": "SUSE Bug 1229524",
"url": "https://bugzilla.suse.com/1229524"
},
{
"category": "self",
"summary": "SUSE Bug 1229525",
"url": "https://bugzilla.suse.com/1229525"
},
{
"category": "self",
"summary": "SUSE Bug 1229526",
"url": "https://bugzilla.suse.com/1229526"
},
{
"category": "self",
"summary": "SUSE Bug 1229527",
"url": "https://bugzilla.suse.com/1229527"
},
{
"category": "self",
"summary": "SUSE Bug 1229528",
"url": "https://bugzilla.suse.com/1229528"
},
{
"category": "self",
"summary": "SUSE Bug 1229529",
"url": "https://bugzilla.suse.com/1229529"
},
{
"category": "self",
"summary": "SUSE Bug 1229531",
"url": "https://bugzilla.suse.com/1229531"
},
{
"category": "self",
"summary": "SUSE Bug 1229533",
"url": "https://bugzilla.suse.com/1229533"
},
{
"category": "self",
"summary": "SUSE Bug 1229535",
"url": "https://bugzilla.suse.com/1229535"
},
{
"category": "self",
"summary": "SUSE Bug 1229536",
"url": "https://bugzilla.suse.com/1229536"
},
{
"category": "self",
"summary": "SUSE Bug 1229537",
"url": "https://bugzilla.suse.com/1229537"
},
{
"category": "self",
"summary": "SUSE Bug 1229540",
"url": "https://bugzilla.suse.com/1229540"
},
{
"category": "self",
"summary": "SUSE Bug 1229544",
"url": "https://bugzilla.suse.com/1229544"
},
{
"category": "self",
"summary": "SUSE Bug 1229545",
"url": "https://bugzilla.suse.com/1229545"
},
{
"category": "self",
"summary": "SUSE Bug 1229546",
"url": "https://bugzilla.suse.com/1229546"
},
{
"category": "self",
"summary": "SUSE Bug 1229547",
"url": "https://bugzilla.suse.com/1229547"
},
{
"category": "self",
"summary": "SUSE Bug 1229548",
"url": "https://bugzilla.suse.com/1229548"
},
{
"category": "self",
"summary": "SUSE Bug 1229554",
"url": "https://bugzilla.suse.com/1229554"
},
{
"category": "self",
"summary": "SUSE Bug 1229557",
"url": "https://bugzilla.suse.com/1229557"
},
{
"category": "self",
"summary": "SUSE Bug 1229558",
"url": "https://bugzilla.suse.com/1229558"
},
{
"category": "self",
"summary": "SUSE Bug 1229559",
"url": "https://bugzilla.suse.com/1229559"
},
{
"category": "self",
"summary": "SUSE Bug 1229560",
"url": "https://bugzilla.suse.com/1229560"
},
{
"category": "self",
"summary": "SUSE Bug 1229562",
"url": "https://bugzilla.suse.com/1229562"
},
{
"category": "self",
"summary": "SUSE Bug 1229564",
"url": "https://bugzilla.suse.com/1229564"
},
{
"category": "self",
"summary": "SUSE Bug 1229565",
"url": "https://bugzilla.suse.com/1229565"
},
{
"category": "self",
"summary": "SUSE Bug 1229566",
"url": "https://bugzilla.suse.com/1229566"
},
{
"category": "self",
"summary": "SUSE Bug 1229568",
"url": "https://bugzilla.suse.com/1229568"
},
{
"category": "self",
"summary": "SUSE Bug 1229569",
"url": "https://bugzilla.suse.com/1229569"
},
{
"category": "self",
"summary": "SUSE Bug 1229572",
"url": "https://bugzilla.suse.com/1229572"
},
{
"category": "self",
"summary": "SUSE Bug 1229573",
"url": "https://bugzilla.suse.com/1229573"
},
{
"category": "self",
"summary": "SUSE Bug 1229576",
"url": "https://bugzilla.suse.com/1229576"
},
{
"category": "self",
"summary": "SUSE Bug 1229581",
"url": "https://bugzilla.suse.com/1229581"
},
{
"category": "self",
"summary": "SUSE Bug 1229588",
"url": "https://bugzilla.suse.com/1229588"
},
{
"category": "self",
"summary": "SUSE Bug 1229598",
"url": "https://bugzilla.suse.com/1229598"
},
{
"category": "self",
"summary": "SUSE Bug 1229603",
"url": "https://bugzilla.suse.com/1229603"
},
{
"category": "self",
"summary": "SUSE Bug 1229604",
"url": "https://bugzilla.suse.com/1229604"
},
{
"category": "self",
"summary": "SUSE Bug 1229605",
"url": "https://bugzilla.suse.com/1229605"
},
{
"category": "self",
"summary": "SUSE Bug 1229608",
"url": "https://bugzilla.suse.com/1229608"
},
{
"category": "self",
"summary": "SUSE Bug 1229611",
"url": "https://bugzilla.suse.com/1229611"
},
{
"category": "self",
"summary": "SUSE Bug 1229612",
"url": "https://bugzilla.suse.com/1229612"
},
{
"category": "self",
"summary": "SUSE Bug 1229613",
"url": "https://bugzilla.suse.com/1229613"
},
{
"category": "self",
"summary": "SUSE Bug 1229614",
"url": "https://bugzilla.suse.com/1229614"
},
{
"category": "self",
"summary": "SUSE Bug 1229615",
"url": "https://bugzilla.suse.com/1229615"
},
{
"category": "self",
"summary": "SUSE Bug 1229616",
"url": "https://bugzilla.suse.com/1229616"
},
{
"category": "self",
"summary": "SUSE Bug 1229617",
"url": "https://bugzilla.suse.com/1229617"
},
{
"category": "self",
"summary": "SUSE Bug 1229620",
"url": "https://bugzilla.suse.com/1229620"
},
{
"category": "self",
"summary": "SUSE Bug 1229622",
"url": "https://bugzilla.suse.com/1229622"
},
{
"category": "self",
"summary": "SUSE Bug 1229623",
"url": "https://bugzilla.suse.com/1229623"
},
{
"category": "self",
"summary": "SUSE Bug 1229624",
"url": "https://bugzilla.suse.com/1229624"
},
{
"category": "self",
"summary": "SUSE Bug 1229625",
"url": "https://bugzilla.suse.com/1229625"
},
{
"category": "self",
"summary": "SUSE Bug 1229626",
"url": "https://bugzilla.suse.com/1229626"
},
{
"category": "self",
"summary": "SUSE Bug 1229628",
"url": "https://bugzilla.suse.com/1229628"
},
{
"category": "self",
"summary": "SUSE Bug 1229629",
"url": "https://bugzilla.suse.com/1229629"
},
{
"category": "self",
"summary": "SUSE Bug 1229630",
"url": "https://bugzilla.suse.com/1229630"
},
{
"category": "self",
"summary": "SUSE Bug 1229631",
"url": "https://bugzilla.suse.com/1229631"
},
{
"category": "self",
"summary": "SUSE Bug 1229632",
"url": "https://bugzilla.suse.com/1229632"
},
{
"category": "self",
"summary": "SUSE Bug 1229635",
"url": "https://bugzilla.suse.com/1229635"
},
{
"category": "self",
"summary": "SUSE Bug 1229636",
"url": "https://bugzilla.suse.com/1229636"
},
{
"category": "self",
"summary": "SUSE Bug 1229637",
"url": "https://bugzilla.suse.com/1229637"
},
{
"category": "self",
"summary": "SUSE Bug 1229638",
"url": "https://bugzilla.suse.com/1229638"
},
{
"category": "self",
"summary": "SUSE Bug 1229639",
"url": "https://bugzilla.suse.com/1229639"
},
{
"category": "self",
"summary": "SUSE Bug 1229641",
"url": "https://bugzilla.suse.com/1229641"
},
{
"category": "self",
"summary": "SUSE Bug 1229642",
"url": "https://bugzilla.suse.com/1229642"
},
{
"category": "self",
"summary": "SUSE Bug 1229643",
"url": "https://bugzilla.suse.com/1229643"
},
{
"category": "self",
"summary": "SUSE Bug 1229645",
"url": "https://bugzilla.suse.com/1229645"
},
{
"category": "self",
"summary": "SUSE Bug 1229657",
"url": "https://bugzilla.suse.com/1229657"
},
{
"category": "self",
"summary": "SUSE Bug 1229658",
"url": "https://bugzilla.suse.com/1229658"
},
{
"category": "self",
"summary": "SUSE Bug 1229662",
"url": "https://bugzilla.suse.com/1229662"
},
{
"category": "self",
"summary": "SUSE Bug 1229664",
"url": "https://bugzilla.suse.com/1229664"
},
{
"category": "self",
"summary": "SUSE Bug 1229707",
"url": "https://bugzilla.suse.com/1229707"
},
{
"category": "self",
"summary": "SUSE Bug 1229739",
"url": "https://bugzilla.suse.com/1229739"
},
{
"category": "self",
"summary": "SUSE Bug 1229743",
"url": "https://bugzilla.suse.com/1229743"
},
{
"category": "self",
"summary": "SUSE Bug 1229746",
"url": "https://bugzilla.suse.com/1229746"
},
{
"category": "self",
"summary": "SUSE Bug 1229754",
"url": "https://bugzilla.suse.com/1229754"
},
{
"category": "self",
"summary": "SUSE Bug 1229755",
"url": "https://bugzilla.suse.com/1229755"
},
{
"category": "self",
"summary": "SUSE Bug 1229756",
"url": "https://bugzilla.suse.com/1229756"
},
{
"category": "self",
"summary": "SUSE Bug 1229759",
"url": "https://bugzilla.suse.com/1229759"
},
{
"category": "self",
"summary": "SUSE Bug 1229761",
"url": "https://bugzilla.suse.com/1229761"
},
{
"category": "self",
"summary": "SUSE Bug 1229767",
"url": "https://bugzilla.suse.com/1229767"
},
{
"category": "self",
"summary": "SUSE Bug 1229768",
"url": "https://bugzilla.suse.com/1229768"
},
{
"category": "self",
"summary": "SUSE Bug 1229781",
"url": "https://bugzilla.suse.com/1229781"
},
{
"category": "self",
"summary": "SUSE Bug 1229784",
"url": "https://bugzilla.suse.com/1229784"
},
{
"category": "self",
"summary": "SUSE Bug 1229787",
"url": "https://bugzilla.suse.com/1229787"
},
{
"category": "self",
"summary": "SUSE Bug 1229788",
"url": "https://bugzilla.suse.com/1229788"
},
{
"category": "self",
"summary": "SUSE Bug 1229789",
"url": "https://bugzilla.suse.com/1229789"
},
{
"category": "self",
"summary": "SUSE Bug 1229792",
"url": "https://bugzilla.suse.com/1229792"
},
{
"category": "self",
"summary": "SUSE Bug 1229820",
"url": "https://bugzilla.suse.com/1229820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4441 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47106 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47517 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47546 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40133 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48645 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48706 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48808 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48865 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48868 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48869 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48870 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48871 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48872 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48873 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48875 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48878 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48880 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48881 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48882 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48883 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48884 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48885 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48887 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48888 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48890 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48891 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48893 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48896 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48898 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48899 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48903 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48904 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48905 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48906 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48907 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48909 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48910 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48912 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48913 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48914 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48915 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48916 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48917 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48918 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48919 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48920 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48921 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48923 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48924 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48925 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48926 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48927 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48929 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48932 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48938 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48939 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48940 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48941 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48942 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48943 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3610 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52458 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52489 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52498 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52859 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52887 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52889 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52893 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52894 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52896 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52898 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52899 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52900 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52901 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52904 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52905 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52906 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52908 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52909 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52910 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52911 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52912 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52913 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26631 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26668 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26669 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26808 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26835 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27403 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35971 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36270 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36489 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36933 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36936 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36962 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38554 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38662 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39489 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41022 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41035 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41039 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41042 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41065 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41092 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42092 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42107 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42114 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42119 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42120 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42130 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42137 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42143 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42162 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42223 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42225 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42228 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42229 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42236 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42237 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42238 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42244 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42246 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42247 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42268 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42276 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42277 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42280 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42281 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42283 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42284 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42285 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42288 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42289 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42291 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42292 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42295 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42308 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42309 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42310 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42311 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42312 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42313 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42315 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42318 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42319 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42320 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42322 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43821 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43823 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43829 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43831 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43842 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43856 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43866 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43872 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43879 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43880 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43893 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43904 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43908 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44947/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2024-09-10T08:46:37Z",
"generator": {
"date": "2024-09-10T08:46:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3190-1",
"initial_release_date": "2024-09-10T08:46:37Z",
"revision_history": [
{
"date": "2024-09-10T08:46:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kernel-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "kernel-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"product_id": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"product_id": "kernel-azure-extra-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"product_id": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"product_id": "kernel-azure-optional-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"product_id": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"product": {
"name": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"product_id": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"product": {
"name": "kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"product_id": "kernel-source-azure-5.14.21-150500.33.66.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-azure-extra-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-azure-optional-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"product_id": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.14.21-150500.33.66.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.14.21-150500.33.66.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch"
},
"product_reference": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.14.21-150500.33.66.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch"
},
"product_reference": "kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch"
},
"product_reference": "kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.14.21-150500.33.66.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch"
},
"product_reference": "kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64"
},
"product_reference": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
},
"product_reference": "reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()\n\nIn zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),\nwhich could lead to a NULL pointer dereference on failure of\nkzalloc().\n\nFix this bug by adding a check of tmpbuf.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,\nand our static analyzer no longer warns about this code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4441",
"url": "https://www.suse.com/security/cve/CVE-2021-4441"
},
{
"category": "external",
"summary": "SUSE Bug 1229598 for CVE-2021-4441",
"url": "https://bugzilla.suse.com/1229598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2021-4441"
},
{
"cve": "CVE-2021-47106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()\n\nWe need to use list_for_each_entry_safe() iterator\nbecause we can not access @catchall after kfree_rcu() call.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\nRead of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871\n\nCPU: 1 PID: 8871 Comm: syz-executor.3 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x2ed mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\n nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\n nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\n __nft_release_table+0x79f/0xcd0 net/netfilter/nf_tables_api.c:9626\n nft_rcv_nl_event+0x4f8/0x670 net/netfilter/nf_tables_api.c:9688\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:83\n blocking_notifier_call_chain kernel/notifier.c:318 [inline]\n blocking_notifier_call_chain+0x67/0x90 kernel/notifier.c:306\n netlink_release+0xcb6/0x1dd0 net/netlink/af_netlink.c:788\n __sock_release+0xcd/0x280 net/socket.c:649\n sock_close+0x18/0x20 net/socket.c:1314\n __fput+0x286/0x9f0 fs/file_table.c:280\n task_work_run+0xdd/0x1a0 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:175 [inline]\n exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207\n __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]\n syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300\n do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f75fbf28adb\nCode: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44\nRSP: 002b:00007ffd8da7ec10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f75fbf28adb\nRDX: 00007f75fc08e828 RSI: ffffffffffffffff RDI: 0000000000000003\nRBP: 00007f75fc08a960 R08: 0000000000000000 R09: 00007f75fc08e830\nR10: 00007ffd8da7ed10 R11: 0000000000000293 R12: 00000000002067c3\nR13: 00007ffd8da7ed10 R14: 00007f75fc088f60 R15: 0000000000000032\n \u003c/TASK\u003e\n\nAllocated by task 8886:\n kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n ____kasan_kmalloc mm/kasan/common.c:513 [inline]\n ____kasan_kmalloc mm/kasan/common.c:472 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:522\n kasan_kmalloc include/linux/kasan.h:269 [inline]\n kmem_cache_alloc_trace+0x1ea/0x4a0 mm/slab.c:3575\n kmalloc include/linux/slab.h:590 [inline]\n nft_setelem_catchall_insert net/netfilter/nf_tables_api.c:5544 [inline]\n nft_setelem_insert net/netfilter/nf_tables_api.c:5562 [inline]\n nft_add_set_elem+0x232e/0x2f40 net/netfilter/nf_tables_api.c:5936\n nf_tables_newsetelem+0x6ff/0xbb0 net/netfilter/nf_tables_api.c:6032\n nfnetlink_rcv_batch+0x1710/0x25f0 net/netfilter/nfnetlink.c:513\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:652\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47106",
"url": "https://www.suse.com/security/cve/CVE-2021-47106"
},
{
"category": "external",
"summary": "SUSE Bug 1220962 for CVE-2021-47106",
"url": "https://bugzilla.suse.com/1220962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2021-47106"
},
{
"cve": "CVE-2021-47517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47517"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: do not perform operations on net devices being unregistered\n\nThere is a short period between a net device starts to be unregistered\nand when it is actually gone. In that time frame ethtool operations\ncould still be performed, which might end up in unwanted or undefined\nbehaviours[1].\n\nDo not allow ethtool operations after a net device starts its\nunregistration. This patch targets the netlink part as the ioctl one\nisn\u0027t affected: the reference to the net device is taken and the\noperation is executed within an rtnl lock section and the net device\nwon\u0027t be found after unregister.\n\n[1] For example adding Tx queues after unregister ends up in NULL\n pointer exceptions and UaFs, such as:\n\n BUG: KASAN: use-after-free in kobject_get+0x14/0x90\n Read of size 1 at addr ffff88801961248c by task ethtool/755\n\n CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014\n Call Trace:\n dump_stack_lvl+0x57/0x72\n print_address_description.constprop.0+0x1f/0x140\n kasan_report.cold+0x7f/0x11b\n kobject_get+0x14/0x90\n kobject_add_internal+0x3d1/0x450\n kobject_init_and_add+0xba/0xf0\n netdev_queue_update_kobjects+0xcf/0x200\n netif_set_real_num_tx_queues+0xb4/0x310\n veth_set_channels+0x1c3/0x550\n ethnl_set_channels+0x524/0x610",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47517",
"url": "https://www.suse.com/security/cve/CVE-2021-47517"
},
{
"category": "external",
"summary": "SUSE Bug 1225428 for CVE-2021-47517",
"url": "https://bugzilla.suse.com/1225428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2021-47517"
},
{
"cve": "CVE-2021-47546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix memory leak in fib6_rule_suppress\n\nThe kernel leaks memory when a `fib` rule is present in IPv6 nftables\nfirewall rules and a suppress_prefix rule is present in the IPv6 routing\nrules (used by certain tools such as wg-quick). In such scenarios, every\nincoming packet will leak an allocation in `ip6_dst_cache` slab cache.\n\nAfter some hours of `bpftrace`-ing and source code reading, I tracked\ndown the issue to ca7a03c41753 (\"ipv6: do not free rt if\nFIB_LOOKUP_NOREF is set on suppress rule\").\n\nThe problem with that change is that the generic `args-\u003eflags` always have\n`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag\n`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not\ndecreasing the refcount when needed.\n\nHow to reproduce:\n - Add the following nftables rule to a prerouting chain:\n meta nfproto ipv6 fib saddr . mark . iif oif missing drop\n This can be done with:\n sudo nft create table inet test\n sudo nft create chain inet test test_chain \u0027{ type filter hook prerouting priority filter + 10; policy accept; }\u0027\n sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop\n - Run:\n sudo ip -6 rule add table main suppress_prefixlength 0\n - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase\n with every incoming ipv6 packet.\n\nThis patch exposes the protocol-specific flags to the protocol\nspecific `suppress` function, and check the protocol-specific `flags`\nargument for RT6_LOOKUP_F_DST_NOREF instead of the generic\nFIB_LOOKUP_NOREF when decreasing the refcount, like this.\n\n[1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71\n[2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47546",
"url": "https://www.suse.com/security/cve/CVE-2021-47546"
},
{
"category": "external",
"summary": "SUSE Bug 1225504 for CVE-2021-47546",
"url": "https://bugzilla.suse.com/1225504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2021-47546"
},
{
"cve": "CVE-2022-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38457"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38457",
"url": "https://www.suse.com/security/cve/CVE-2022-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1203330 for CVE-2022-38457",
"url": "https://bugzilla.suse.com/1203330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-38457"
},
{
"cve": "CVE-2022-40133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40133"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40133",
"url": "https://www.suse.com/security/cve/CVE-2022-40133"
},
{
"category": "external",
"summary": "SUSE Bug 1203329 for CVE-2022-40133",
"url": "https://bugzilla.suse.com/1203329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-40133"
},
{
"cve": "CVE-2022-48645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: deny offload of tc-based TSN features on VF interfaces\n\nTSN features on the ENETC (taprio, cbs, gate, police) are configured\nthrough a mix of command BD ring messages and port registers:\nenetc_port_rd(), enetc_port_wr().\n\nPort registers are a region of the ENETC memory map which are only\naccessible from the PCIe Physical Function. They are not accessible from\nthe Virtual Functions.\n\nMoreover, attempting to access these registers crashes the kernel:\n\n$ echo 1 \u003e /sys/bus/pci/devices/0000\\:00\\:00.0/sriov_numvfs\npci 0000:00:01.0: [1957:ef00] type 00 class 0x020001\nfsl_enetc_vf 0000:00:01.0: Adding to iommu group 15\nfsl_enetc_vf 0000:00:01.0: enabling device (0000 -\u003e 0002)\nfsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0\n$ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \\\n\tqueues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \\\n\tsched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2\nUnable to handle kernel paging request at virtual address ffff800009551a08\nInternal error: Oops: 96000007 [#1] PREEMPT SMP\npc : enetc_setup_tc_taprio+0x170/0x47c\nlr : enetc_setup_tc_taprio+0x16c/0x47c\nCall trace:\n enetc_setup_tc_taprio+0x170/0x47c\n enetc_setup_tc+0x38/0x2dc\n taprio_change+0x43c/0x970\n taprio_init+0x188/0x1e0\n qdisc_create+0x114/0x470\n tc_modify_qdisc+0x1fc/0x6c0\n rtnetlink_rcv_msg+0x12c/0x390\n\nSplit enetc_setup_tc() into separate functions for the PF and for the\nVF drivers. Also remove enetc_qos.o from being included into\nenetc-vf.ko, since it serves absolutely no purpose there.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48645",
"url": "https://www.suse.com/security/cve/CVE-2022-48645"
},
{
"category": "external",
"summary": "SUSE Bug 1223508 for CVE-2022-48645",
"url": "https://bugzilla.suse.com/1223508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48645"
},
{
"cve": "CVE-2022-48706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: ifcvf: Do proper cleanup if IFCVF init fails\n\nifcvf_mgmt_dev leaks memory if it is not freed before\nreturning. Call is made to correct return statement\nso memory does not leak. ifcvf_init_hw does not take\ncare of this so it is needed to do it here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48706",
"url": "https://www.suse.com/security/cve/CVE-2022-48706"
},
{
"category": "external",
"summary": "SUSE Bug 1225524 for CVE-2022-48706",
"url": "https://bugzilla.suse.com/1225524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48706"
},
{
"cve": "CVE-2022-48808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix panic when DSA master device unbinds on shutdown\n\nRafael reports that on a system with LX2160A and Marvell DSA switches,\nif a reboot occurs while the DSA master (dpaa2-eth) is up, the following\npanic can be seen:\n\nsystemd-shutdown[1]: Rebooting.\nUnable to handle kernel paging request at virtual address 00a0000800000041\n[00a0000800000041] address between user and kernel address ranges\nInternal error: Oops: 96000004 [#1] PREEMPT SMP\nCPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32\npc : dsa_slave_netdevice_event+0x130/0x3e4\nlr : raw_notifier_call_chain+0x50/0x6c\nCall trace:\n dsa_slave_netdevice_event+0x130/0x3e4\n raw_notifier_call_chain+0x50/0x6c\n call_netdevice_notifiers_info+0x54/0xa0\n __dev_close_many+0x50/0x130\n dev_close_many+0x84/0x120\n unregister_netdevice_many+0x130/0x710\n unregister_netdevice_queue+0x8c/0xd0\n unregister_netdev+0x20/0x30\n dpaa2_eth_remove+0x68/0x190\n fsl_mc_driver_remove+0x20/0x5c\n __device_release_driver+0x21c/0x220\n device_release_driver_internal+0xac/0xb0\n device_links_unbind_consumers+0xd4/0x100\n __device_release_driver+0x94/0x220\n device_release_driver+0x28/0x40\n bus_remove_device+0x118/0x124\n device_del+0x174/0x420\n fsl_mc_device_remove+0x24/0x40\n __fsl_mc_device_remove+0xc/0x20\n device_for_each_child+0x58/0xa0\n dprc_remove+0x90/0xb0\n fsl_mc_driver_remove+0x20/0x5c\n __device_release_driver+0x21c/0x220\n device_release_driver+0x28/0x40\n bus_remove_device+0x118/0x124\n device_del+0x174/0x420\n fsl_mc_bus_remove+0x80/0x100\n fsl_mc_bus_shutdown+0xc/0x1c\n platform_shutdown+0x20/0x30\n device_shutdown+0x154/0x330\n __do_sys_reboot+0x1cc/0x250\n __arm64_sys_reboot+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x4c/0x150\n el0_svc+0x24/0xb0\n el0t_64_sync_handler+0xa8/0xb0\n el0t_64_sync+0x178/0x17c\n\nIt can be seen from the stack trace that the problem is that the\nderegistration of the master causes a dev_close(), which gets notified\nas NETDEV_GOING_DOWN to dsa_slave_netdevice_event().\nBut dsa_switch_shutdown() has already run, and this has unregistered the\nDSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to\ncall dev_close_many() on those slave interfaces, leading to the problem.\n\nThe previous attempt to avoid the NETDEV_GOING_DOWN on the master after\ndsa_switch_shutdown() was called seems improper. Unregistering the slave\ninterfaces is unnecessary and unhelpful. Instead, after the slaves have\nstopped being uppers of the DSA master, we can now reset to NULL the\nmaster-\u003edsa_ptr pointer, which will make DSA start ignoring all future\nnotifier events on the master.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48808",
"url": "https://www.suse.com/security/cve/CVE-2022-48808"
},
{
"category": "external",
"summary": "SUSE Bug 1227958 for CVE-2022-48808",
"url": "https://bugzilla.suse.com/1227958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2022-48808"
},
{
"cve": "CVE-2022-48865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel panic when enabling bearer\n\nWhen enabling a bearer on a node, a kernel panic is observed:\n\n[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]\n...\n[ 4.520030] Call Trace:\n[ 4.520689] \u003cIRQ\u003e\n[ 4.521236] tipc_link_build_proto_msg+0x375/0x750 [tipc]\n[ 4.522654] tipc_link_build_state_msg+0x48/0xc0 [tipc]\n[ 4.524034] __tipc_node_link_up+0xd7/0x290 [tipc]\n[ 4.525292] tipc_rcv+0x5da/0x730 [tipc]\n[ 4.526346] ? __netif_receive_skb_core+0xb7/0xfc0\n[ 4.527601] tipc_l2_rcv_msg+0x5e/0x90 [tipc]\n[ 4.528737] __netif_receive_skb_list_core+0x20b/0x260\n[ 4.530068] netif_receive_skb_list_internal+0x1bf/0x2e0\n[ 4.531450] ? dev_gro_receive+0x4c2/0x680\n[ 4.532512] napi_complete_done+0x6f/0x180\n[ 4.533570] virtnet_poll+0x29c/0x42e [virtio_net]\n...\n\nThe node in question is receiving activate messages in another\nthread after changing bearer status to allow message sending/\nreceiving in current thread:\n\n thread 1 | thread 2\n -------- | --------\n |\ntipc_enable_bearer() |\n test_and_set_bit_lock() |\n tipc_bearer_xmit_skb() |\n | tipc_l2_rcv_msg()\n | tipc_rcv()\n | __tipc_node_link_up()\n | tipc_link_build_state_msg()\n | tipc_link_build_proto_msg()\n | tipc_mon_prep()\n | {\n | ...\n | // null-pointer dereference\n | u16 gen = mon-\u003edom_gen;\n | ...\n | }\n // Not being executed yet |\n tipc_mon_create() |\n { |\n ... |\n // allocate |\n mon = kzalloc(); |\n ... |\n } |\n\nMonitoring pointer in thread 2 is dereferenced before monitoring data\nis allocated in thread 1. This causes kernel panic.\n\nThis commit fixes it by allocating the monitoring data before enabling\nthe bearer to receive messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48865",
"url": "https://www.suse.com/security/cve/CVE-2022-48865"
},
{
"category": "external",
"summary": "SUSE Bug 1228065 for CVE-2022-48865",
"url": "https://bugzilla.suse.com/1228065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48865"
},
{
"cve": "CVE-2022-48868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48868"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Let probe fail when workqueue cannot be enabled\n\nThe workqueue is enabled when the appropriate driver is loaded and\ndisabled when the driver is removed. When the driver is removed it\nassumes that the workqueue was enabled successfully and proceeds to\nfree allocations made during workqueue enabling.\n\nFailure during workqueue enabling does not prevent the driver from\nbeing loaded. This is because the error path within drv_enable_wq()\nreturns success unless a second failure is encountered\nduring the error path. By returning success it is possible to load\nthe driver even if the workqueue cannot be enabled and\nallocations that do not exist are attempted to be freed during\ndriver remove.\n\nSome examples of problematic flows:\n(a)\n\n idxd_dmaengine_drv_probe() -\u003e drv_enable_wq() -\u003e idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_unmap_portal() is called on error exit path, but\n drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The\n driver is thus loaded successfully.\n\n idxd_dmaengine_drv_remove()-\u003edrv_disable_wq()-\u003eidxd_wq_unmap_portal()\n Above flow on driver unload triggers the WARN in devm_iounmap() because\n the device resource has already been removed during error path of\n drv_enable_wq().\n\n(b)\n\n idxd_dmaengine_drv_probe() -\u003e drv_enable_wq() -\u003e idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_init_percpu_ref() is never called to initialize the percpu\n counter, yet the driver loads successfully because drv_enable_wq()\n returns 0.\n\n idxd_dmaengine_drv_remove()-\u003e__idxd_wq_quiesce()-\u003epercpu_ref_kill():\n Above flow on driver unload triggers a BUG when attempting to drop the\n initial ref of the uninitialized percpu ref:\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n\nFix the drv_enable_wq() error path by returning the original error that\nindicates failure of workqueue enabling. This ensures that the probe\nfails when an error is encountered and the driver remove paths are only\nattempted when the workqueue was enabled successfully.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48868",
"url": "https://www.suse.com/security/cve/CVE-2022-48868"
},
{
"category": "external",
"summary": "SUSE Bug 1229506 for CVE-2022-48868",
"url": "https://bugzilla.suse.com/1229506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48868"
},
{
"cve": "CVE-2022-48869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadgetfs: Fix race between mounting and unmounting\n\nThe syzbot fuzzer and Gerald Lee have identified a use-after-free bug\nin the gadgetfs driver, involving processes concurrently mounting and\nunmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super()\ncan race with gadgetfs_kill_sb(), causing the latter to deallocate\nthe_device while the former is using it. The output from KASAN says,\nin part:\n\nBUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]\nBUG: KASAN: use-after-free in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\nBUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]\nBUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]\nBUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]\nBUG: KASAN: use-after-free in put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\nBUG: KASAN: use-after-free in gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\nWrite of size 4 at addr ffff8880276d7840 by task syz-executor126/18689\n\nCPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \u003cTASK\u003e\n...\n atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]\n __refcount_sub_and_test include/linux/refcount.h:272 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n put_dev drivers/usb/gadget/legacy/inode.c:159 [inline]\n gadgetfs_kill_sb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n vfs_get_super fs/super.c:1190 [inline]\n get_tree_single+0xd0/0x160 fs/super.c:1207\n vfs_get_tree+0x88/0x270 fs/super.c:1531\n vfs_fsconfig_locked fs/fsopen.c:232 [inline]\n\nThe simplest solution is to ensure that gadgetfs_fill_super() and\ngadgetfs_kill_sb() are serialized by making them both acquire a new\nmutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48869",
"url": "https://www.suse.com/security/cve/CVE-2022-48869"
},
{
"category": "external",
"summary": "SUSE Bug 1229507 for CVE-2022-48869",
"url": "https://bugzilla.suse.com/1229507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48869"
},
{
"cve": "CVE-2022-48870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix possible null-ptr-defer in spk_ttyio_release\n\nRun the following tests on the qemu platform:\n\nsyzkaller:~# modprobe speakup_audptr\n input: Speakup as /devices/virtual/input/input4\n initialized device: /dev/synth, node (MAJOR 10, MINOR 125)\n speakup 3.1.6: initialized\n synth name on entry is: (null)\n synth probe\n\nspk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned\nfailed (errno -16), then remove the module, we will get a null-ptr-defer\nproblem, as follow:\n\nsyzkaller:~# modprobe -r speakup_audptr\n releasing synth audptr\n BUG: kernel NULL pointer dereference, address: 0000000000000080\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1\n RIP: 0010:mutex_lock+0x14/0x30\n Call Trace:\n \u003cTASK\u003e\n spk_ttyio_release+0x19/0x70 [speakup]\n synth_release.part.6+0xac/0xc0 [speakup]\n synth_remove+0x56/0x60 [speakup]\n __x64_sys_delete_module+0x156/0x250\n ? fpregs_assert_state_consistent+0x1d/0x50\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n Modules linked in: speakup_audptr(-) speakup\n Dumping ftrace buffer:\n\nin_synth-\u003edev was not initialized during modprobe, so we add check\nfor in_synth-\u003edev to fix this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48870",
"url": "https://www.suse.com/security/cve/CVE-2022-48870"
},
{
"category": "external",
"summary": "SUSE Bug 1229508 for CVE-2022-48870",
"url": "https://bugzilla.suse.com/1229508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48870"
},
{
"cve": "CVE-2022-48871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer\n\nDriver\u0027s probe allocates memory for RX FIFO (port-\u003erx_fifo) based on\ndefault RX FIFO depth, e.g. 16. Later during serial startup the\nqcom_geni_serial_port_setup() updates the RX FIFO depth\n(port-\u003erx_fifo_depth) to match real device capabilities, e.g. to 32.\n\nThe RX UART handle code will read \"port-\u003erx_fifo_depth\" number of words\ninto \"port-\u003erx_fifo\" buffer, thus exceeding the bounds. This can be\nobserved in certain configurations with Qualcomm Bluetooth HCI UART\ndevice and KASAN:\n\n Bluetooth: hci0: QCA Product ID :0x00000010\n Bluetooth: hci0: QCA SOC Version :0x400a0200\n Bluetooth: hci0: QCA ROM Version :0x00000200\n Bluetooth: hci0: QCA Patch Version:0x00000d2b\n Bluetooth: hci0: QCA controller version 0x02000200\n Bluetooth: hci0: QCA Downloading qca/htbtfw20.tlv\n bluetooth hci0: Direct firmware load for qca/htbtfw20.tlv failed with error -2\n Bluetooth: hci0: QCA Failed to request file: qca/htbtfw20.tlv (-2)\n Bluetooth: hci0: QCA Failed to download patch (-2)\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in handle_rx_uart+0xa8/0x18c\n Write of size 4 at addr ffff279347d578c0 by task swapper/0/0\n\n CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xe0/0xf0\n show_stack+0x18/0x40\n dump_stack_lvl+0x8c/0xb8\n print_report+0x188/0x488\n kasan_report+0xb4/0x100\n __asan_store4+0x80/0xa4\n handle_rx_uart+0xa8/0x18c\n qcom_geni_serial_handle_rx+0x84/0x9c\n qcom_geni_serial_isr+0x24c/0x760\n __handle_irq_event_percpu+0x108/0x500\n handle_irq_event+0x6c/0x110\n handle_fasteoi_irq+0x138/0x2cc\n generic_handle_domain_irq+0x48/0x64\n\nIf the RX FIFO depth changes after probe, be sure to resize the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48871",
"url": "https://www.suse.com/security/cve/CVE-2022-48871"
},
{
"category": "external",
"summary": "SUSE Bug 1229509 for CVE-2022-48871",
"url": "https://bugzilla.suse.com/1229509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48871"
},
{
"cve": "CVE-2022-48872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix use-after-free race condition for maps\n\nIt is possible that in between calling fastrpc_map_get() until\nmap-\u003efl-\u003elock is taken in fastrpc_free_map(), another thread can call\nfastrpc_map_lookup() and get a reference to a map that is about to be\ndeleted.\n\nRewrite fastrpc_map_get() to only increase the reference count of a map\nif it\u0027s non-zero. Propagate this to callers so they can know if a map is\nabout to be deleted.\n\nFixes this warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate\n...\nCall trace:\n refcount_warn_saturate\n [fastrpc_map_get inlined]\n [fastrpc_map_lookup inlined]\n fastrpc_map_create\n fastrpc_internal_invoke\n fastrpc_device_ioctl\n __arm64_sys_ioctl\n invoke_syscall",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48872",
"url": "https://www.suse.com/security/cve/CVE-2022-48872"
},
{
"category": "external",
"summary": "SUSE Bug 1229510 for CVE-2022-48872",
"url": "https://bugzilla.suse.com/1229510"
},
{
"category": "external",
"summary": "SUSE Bug 1229519 for CVE-2022-48872",
"url": "https://bugzilla.suse.com/1229519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2022-48872"
},
{
"cve": "CVE-2022-48873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Don\u0027t remove map on creater_process and device_release\n\nDo not remove the map from the list on error path in\nfastrpc_init_create_process, instead call fastrpc_map_put, to avoid\nuse-after-free. Do not remove it on fastrpc_device_release either,\ncall fastrpc_map_put instead.\n\nThe fastrpc_free_map is the only proper place to remove the map.\nThis is called only after the reference count is 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48873",
"url": "https://www.suse.com/security/cve/CVE-2022-48873"
},
{
"category": "external",
"summary": "SUSE Bug 1229512 for CVE-2022-48873",
"url": "https://bugzilla.suse.com/1229512"
},
{
"category": "external",
"summary": "SUSE Bug 1229513 for CVE-2022-48873",
"url": "https://bugzilla.suse.com/1229513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2022-48873"
},
{
"cve": "CVE-2022-48875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: sdata can be NULL during AMPDU start\n\nieee80211_tx_ba_session_handle_start() may get NULL for sdata when a\ndeauthentication is ongoing.\n\nHere a trace triggering the race with the hostapd test\nmulti_ap_fronthaul_on_ap:\n\n(gdb) list *drv_ampdu_action+0x46\n0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396).\n391 int ret = -EOPNOTSUPP;\n392\n393 might_sleep();\n394\n395 sdata = get_bss_sdata(sdata);\n396 if (!check_sdata_in_driver(sdata))\n397 return -EIO;\n398\n399 trace_drv_ampdu_action(local, sdata, params);\n400\n\nwlan0: moving STA 02:00:00:00:03:00 to state 3\nwlan0: associated\nwlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING)\nwlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0\nwlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port)\nwlan0: moving STA 02:00:00:00:03:00 to state 2\nwlan0: moving STA 02:00:00:00:03:00 to state 1\nwlan0: Removed STA 02:00:00:00:03:00\nwlan0: Destroyed STA 02:00:00:00:03:00\nBUG: unable to handle page fault for address: fffffffffffffb48\nPGD 11814067 P4D 11814067 PUD 11816067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\nWorkqueue: phy3 ieee80211_ba_session_work [mac80211]\nRIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211]\nCode: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 \u003c8b\u003e 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85\nRSP: 0018:ffffc900025ebd20 EFLAGS: 00010287\nRAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240\nRDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40\nRBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001\nR10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0\nR13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8\nFS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0\nCall Trace:\n \u003cTASK\u003e\n ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211]\n ieee80211_ba_session_work+0xff/0x2e0 [mac80211]\n process_one_work+0x29f/0x620\n worker_thread+0x4d/0x3d0\n ? process_one_work+0x620/0x620\n kthread+0xfb/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48875",
"url": "https://www.suse.com/security/cve/CVE-2022-48875"
},
{
"category": "external",
"summary": "SUSE Bug 1229516 for CVE-2022-48875",
"url": "https://bugzilla.suse.com/1229516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48875"
},
{
"cve": "CVE-2022-48878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Fix driver shutdown on closed serdev\n\nThe driver shutdown callback (which sends EDL_SOC_RESET to the device\nover serdev) should not be invoked when HCI device is not open (e.g. if\nhci_dev_open_sync() failed), because the serdev and its TTY are not open\neither. Also skip this step if device is powered off\n(qca_power_shutdown()).\n\nThe shutdown callback causes use-after-free during system reboot with\nQualcomm Atheros Bluetooth:\n\n Unable to handle kernel paging request at virtual address\n 0072662f67726fd7\n ...\n CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W\n 6.1.0-rt5-00325-g8a5f56bcfcca #8\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n tty_driver_flush_buffer+0x4/0x30\n serdev_device_write_flush+0x24/0x34\n qca_serdev_shutdown+0x80/0x130 [hci_uart]\n device_shutdown+0x15c/0x260\n kernel_restart+0x48/0xac\n\nKASAN report:\n\n BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50\n Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1\n\n CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted\n 6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n Call trace:\n dump_backtrace.part.0+0xdc/0xf0\n show_stack+0x18/0x30\n dump_stack_lvl+0x68/0x84\n print_report+0x188/0x488\n kasan_report+0xa4/0xf0\n __asan_load8+0x80/0xac\n tty_driver_flush_buffer+0x1c/0x50\n ttyport_write_flush+0x34/0x44\n serdev_device_write_flush+0x48/0x60\n qca_serdev_shutdown+0x124/0x274\n device_shutdown+0x1e8/0x350\n kernel_restart+0x48/0xb0\n __do_sys_reboot+0x244/0x2d0\n __arm64_sys_reboot+0x54/0x70\n invoke_syscall+0x60/0x190\n el0_svc_common.constprop.0+0x7c/0x160\n do_el0_svc+0x44/0xf0\n el0_svc+0x2c/0x6c\n el0t_64_sync_handler+0xbc/0x140\n el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48878",
"url": "https://www.suse.com/security/cve/CVE-2022-48878"
},
{
"category": "external",
"summary": "SUSE Bug 1229554 for CVE-2022-48878",
"url": "https://bugzilla.suse.com/1229554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48878"
},
{
"cve": "CVE-2022-48880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/surface: aggregator: Add missing call to ssam_request_sync_free()\n\nAlthough rare, ssam_request_sync_init() can fail. In that case, the\nrequest should be freed via ssam_request_sync_free(). Currently it is\nleaked instead. Fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48880",
"url": "https://www.suse.com/security/cve/CVE-2022-48880"
},
{
"category": "external",
"summary": "SUSE Bug 1229557 for CVE-2022-48880",
"url": "https://bugzilla.suse.com/1229557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48880"
},
{
"cve": "CVE-2022-48881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: Fix refcount leak in amd_pmc_probe\n\npci_get_domain_bus_and_slot() takes reference, the caller should release\nthe reference by calling pci_dev_put() after use. Call pci_dev_put() in\nthe error path to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48881",
"url": "https://www.suse.com/security/cve/CVE-2022-48881"
},
{
"category": "external",
"summary": "SUSE Bug 1229559 for CVE-2022-48881",
"url": "https://bugzilla.suse.com/1229559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48881"
},
{
"cve": "CVE-2022-48882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)\n\nUpon updating MAC security entity (SecY) in hw offload path, the macsec\nsecurity association (SA) initialization routine is called. In case of\nextended packet number (epn) is enabled the salt and ssci attributes are\nretrieved using the MACsec driver rx_sa context which is unavailable when\nupdating a SecY property such as encoding-sa hence the null dereference.\nFix by using the provided SA to set those attributes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48882",
"url": "https://www.suse.com/security/cve/CVE-2022-48882"
},
{
"category": "external",
"summary": "SUSE Bug 1229558 for CVE-2022-48882",
"url": "https://bugzilla.suse.com/1229558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48882"
},
{
"cve": "CVE-2022-48883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent\n\nA user is able to configure an arbitrary number of rx queues when\ncreating an interface via netlink. This doesn\u0027t work for child PKEY\ninterfaces because the child interface uses the parent receive channels.\n\nAlthough the child shares the parent\u0027s receive channels, the number of\nrx queues is important for the channel_stats array: the parent\u0027s rx\nchannel index is used to access the child\u0027s channel_stats. So the array\nhas to be at least as large as the parent\u0027s rx queue size for the\ncounting to work correctly and to prevent out of bound accesses.\n\nThis patch checks for the mentioned scenario and returns an error when\ntrying to create the interface. The error is propagated to the user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48883",
"url": "https://www.suse.com/security/cve/CVE-2022-48883"
},
{
"category": "external",
"summary": "SUSE Bug 1229560 for CVE-2022-48883",
"url": "https://bugzilla.suse.com/1229560"
},
{
"category": "external",
"summary": "SUSE Bug 1229561 for CVE-2022-48883",
"url": "https://bugzilla.suse.com/1229561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2022-48883"
},
{
"cve": "CVE-2022-48884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command stats access after free\n\nCommand may fail while driver is reloading and can\u0027t accept FW commands\ntill command interface is reinitialized. Such command failure is being\nlogged to command stats. This results in NULL pointer access as command\nstats structure is being freed and reallocated during mlx5 devlink\nreload (see kernel log below).\n\nFix it by making command stats statically allocated on driver probe.\n\nKernel log:\n[ 2394.808802] BUG: unable to handle kernel paging request at 000000000002a9c0\n[ 2394.810610] PGD 0 P4D 0\n[ 2394.811811] Oops: 0002 [#1] SMP NOPTI\n...\n[ 2394.815482] RIP: 0010:native_queued_spin_lock_slowpath+0x183/0x1d0\n...\n[ 2394.829505] Call Trace:\n[ 2394.830667] _raw_spin_lock_irq+0x23/0x26\n[ 2394.831858] cmd_status_err+0x55/0x110 [mlx5_core]\n[ 2394.833020] mlx5_access_reg+0xe7/0x150 [mlx5_core]\n[ 2394.834175] mlx5_query_port_ptys+0x78/0xa0 [mlx5_core]\n[ 2394.835337] mlx5e_ethtool_get_link_ksettings+0x74/0x590 [mlx5_core]\n[ 2394.836454] ? kmem_cache_alloc_trace+0x140/0x1c0\n[ 2394.837562] __rh_call_get_link_ksettings+0x33/0x100\n[ 2394.838663] ? __rtnl_unlock+0x25/0x50\n[ 2394.839755] __ethtool_get_link_ksettings+0x72/0x150\n[ 2394.840862] duplex_show+0x6e/0xc0\n[ 2394.841963] dev_attr_show+0x1c/0x40\n[ 2394.843048] sysfs_kf_seq_show+0x9b/0x100\n[ 2394.844123] seq_read+0x153/0x410\n[ 2394.845187] vfs_read+0x91/0x140\n[ 2394.846226] ksys_read+0x4f/0xb0\n[ 2394.847234] do_syscall_64+0x5b/0x1a0\n[ 2394.848228] entry_SYSCALL_64_after_hwframe+0x65/0xca",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48884",
"url": "https://www.suse.com/security/cve/CVE-2022-48884"
},
{
"category": "external",
"summary": "SUSE Bug 1229562 for CVE-2022-48884",
"url": "https://bugzilla.suse.com/1229562"
},
{
"category": "external",
"summary": "SUSE Bug 1229563 for CVE-2022-48884",
"url": "https://bugzilla.suse.com/1229563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2022-48884"
},
{
"cve": "CVE-2022-48885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix potential memory leak in ice_gnss_tty_write()\n\nThe ice_gnss_tty_write() return directly if the write_buf alloc failed,\nleaking the cmd_buf.\n\nFix by free cmd_buf if write_buf alloc failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48885",
"url": "https://www.suse.com/security/cve/CVE-2022-48885"
},
{
"category": "external",
"summary": "SUSE Bug 1229564 for CVE-2022-48885",
"url": "https://bugzilla.suse.com/1229564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48885"
},
{
"cve": "CVE-2022-48886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add check for kzalloc\n\nAdd the check for the return value of kzalloc in order to avoid\nNULL pointer dereference.\nMoreover, use the goto-label to share the clean code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48886",
"url": "https://www.suse.com/security/cve/CVE-2022-48886"
},
{
"category": "external",
"summary": "SUSE Bug 1229548 for CVE-2022-48886",
"url": "https://bugzilla.suse.com/1229548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48886"
},
{
"cve": "CVE-2022-48887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops\u0027es in IGT\u0027s vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48887",
"url": "https://www.suse.com/security/cve/CVE-2022-48887"
},
{
"category": "external",
"summary": "SUSE Bug 1229547 for CVE-2022-48887",
"url": "https://bugzilla.suse.com/1229547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48887"
},
{
"cve": "CVE-2022-48888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path\n\nof_icc_get() alloc resources for path1, we should release it when not\nneed anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1.\nDefer getting path1 to fix this.\n\nPatchwork: https://patchwork.freedesktop.org/patch/514264/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48888",
"url": "https://www.suse.com/security/cve/CVE-2022-48888"
},
{
"category": "external",
"summary": "SUSE Bug 1229546 for CVE-2022-48888",
"url": "https://bugzilla.suse.com/1229546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48888"
},
{
"cve": "CVE-2022-48889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof-nau8825: fix module alias overflow\n\nThe maximum name length for a platform_device_id entry is 20 characters\nincluding the trailing NUL byte. The sof_nau8825.c file exceeds that,\nwhich causes an obscure error message:\n\nsound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal character encoding in string literal [-Werror,-Winvalid-source-encoding]\nMODULE_ALIAS(\"platform:adl_max98373_nau8825\u003cU+0018\u003e\u003cAA\u003e\");\n ^~~~\ninclude/linux/module.h:168:49: note: expanded from macro \u0027MODULE_ALIAS\u0027\n ^~~~~~\ninclude/linux/module.h:165:56: note: expanded from macro \u0027MODULE_INFO\u0027\n ^~~~\ninclude/linux/moduleparam.h:26:47: note: expanded from macro \u0027__MODULE_INFO\u0027\n = __MODULE_INFO_PREFIX __stringify(tag) \"=\" info\n\nI could not figure out how to make the module handling robust enough\nto handle this better, but as a quick fix, using slightly shorter\nnames that are still unique avoids the build issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48889",
"url": "https://www.suse.com/security/cve/CVE-2022-48889"
},
{
"category": "external",
"summary": "SUSE Bug 1229545 for CVE-2022-48889",
"url": "https://bugzilla.suse.com/1229545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48889"
},
{
"cve": "CVE-2022-48890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM\n\nstorvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),\nwhich in a confidential VM allocates swiotlb bounce buffers. If the I/O\nsubmission fails in storvsc_do_io(), the I/O is typically retried by higher\nlevel code, but the bounce buffer memory is never freed. The mostly like\ncause of I/O submission failure is a full VMBus channel ring buffer, which\nis not uncommon under high I/O loads. Eventually enough bounce buffer\nmemory leaks that the confidential VM can\u0027t do any I/O. The same problem\ncan arise in a non-confidential VM with kernel boot parameter\nswiotlb=force.\n\nFix this by doing scsi_dma_unmap() in the case of an I/O submission\nerror, which frees the bounce buffer memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48890",
"url": "https://www.suse.com/security/cve/CVE-2022-48890"
},
{
"category": "external",
"summary": "SUSE Bug 1229544 for CVE-2022-48890",
"url": "https://bugzilla.suse.com/1229544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48890"
},
{
"cve": "CVE-2022-48891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9211: Use irq handler when ready\n\nIf the system does not come from reset (like when it is kexec()), the\nregulator might have an IRQ waiting for us.\n\nIf we enable the IRQ handler before its structures are ready, we crash.\n\nThis patch fixes:\n\n[ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078\n[ 1.316096] Call trace:\n[ 1.316101] blocking_notifier_call_chain+0x20/0xa8\n[ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests\n[ 1.327823] regulator_notifier_call_chain+0x1c/0x2c\n[ 1.327825] da9211_irq_handler+0x68/0xf8\n[ 1.327829] irq_thread+0x11c/0x234\n[ 1.327833] kthread+0x13c/0x154",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48891",
"url": "https://www.suse.com/security/cve/CVE-2022-48891"
},
{
"category": "external",
"summary": "SUSE Bug 1229565 for CVE-2022-48891",
"url": "https://bugzilla.suse.com/1229565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48891"
},
{
"cve": "CVE-2022-48893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48893"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Cleanup partial engine discovery failures\n\nIf we abort driver initialisation in the middle of gt/engine discovery,\nsome engines will be fully setup and some not. Those incompletely setup\nengines only have \u0027engine-\u003erelease == NULL\u0027 and so will leak any of the\ncommon objects allocated.\n\nv2:\n - Drop the destroy_pinned_context() helper for now. It\u0027s not really\n worth it with just a single callsite at the moment. (Janusz)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48893",
"url": "https://www.suse.com/security/cve/CVE-2022-48893"
},
{
"category": "external",
"summary": "SUSE Bug 1229576 for CVE-2022-48893",
"url": "https://bugzilla.suse.com/1229576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48893"
},
{
"cve": "CVE-2022-48896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix pci device refcount leak\n\nAs the comment of pci_get_domain_bus_and_slot() says, it\nreturns a PCI device with refcount incremented, when finish\nusing it, the caller must decrement the reference count by\ncalling pci_dev_put().\n\nIn ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(),\npci_dev_put() is called to avoid leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48896",
"url": "https://www.suse.com/security/cve/CVE-2022-48896"
},
{
"category": "external",
"summary": "SUSE Bug 1229540 for CVE-2022-48896",
"url": "https://bugzilla.suse.com/1229540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48896"
},
{
"cve": "CVE-2022-48898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48898"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer\n\nThere are 3 possible interrupt sources are handled by DP controller,\nHPDstatus, Controller state changes and Aux read/write transaction.\nAt every irq, DP controller have to check isr status of every interrupt\nsources and service the interrupt if its isr status bits shows interrupts\nare pending. There is potential race condition may happen at current aux\nisr handler implementation since it is always complete dp_aux_cmd_fifo_tx()\neven irq is not for aux read or write transaction. This may cause aux read\ntransaction return premature if host aux data read is in the middle of\nwaiting for sink to complete transferring data to host while irq happen.\nThis will cause host\u0027s receiving buffer contains unexpected data. This\npatch fixes this problem by checking aux isr and return immediately at\naux isr handler if there are no any isr status bits set.\n\nCurrent there is a bug report regrading eDP edid corruption happen during\nsystem booting up. After lengthy debugging to found that VIDEO_READY\ninterrupt was continuously firing during system booting up which cause\ndp_aux_isr() to complete dp_aux_cmd_fifo_tx() prematurely to retrieve data\nfrom aux hardware buffer which is not yet contains complete data transfer\nfrom sink. This cause edid corruption.\n\nFollows are the signature at kernel logs when problem happen,\nEDID has corrupt header\npanel-simple-dp-aux aux-aea0000.edp: Couldn\u0027t identify panel via EDID\n\nChanges in v2:\n-- do complete if (ret == IRQ_HANDLED) ay dp-aux_isr()\n-- add more commit text\n\nChanges in v3:\n-- add Stephen suggested\n-- dp_aux_isr() return IRQ_XXX back to caller\n-- dp_ctrl_isr() return IRQ_XXX back to caller\n\nChanges in v4:\n-- split into two patches\n\nChanges in v5:\n-- delete empty line between tags\n\nChanges in v6:\n-- remove extra \"that\" and fixed line more than 75 char at commit text\n\nPatchwork: https://patchwork.freedesktop.org/patch/516121/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48898",
"url": "https://www.suse.com/security/cve/CVE-2022-48898"
},
{
"category": "external",
"summary": "SUSE Bug 1229537 for CVE-2022-48898",
"url": "https://bugzilla.suse.com/1229537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48898"
},
{
"cve": "CVE-2022-48899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Fix GEM handle creation UAF\n\nUserspace can guess the handle value and try to race GEM object creation\nwith handle close, resulting in a use-after-free if we dereference the\nobject after dropping the handle\u0027s reference. For that reason, dropping\nthe handle\u0027s reference must be done *after* we are done dereferencing\nthe object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48899",
"url": "https://www.suse.com/security/cve/CVE-2022-48899"
},
{
"category": "external",
"summary": "SUSE Bug 1229536 for CVE-2022-48899",
"url": "https://bugzilla.suse.com/1229536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48899"
},
{
"cve": "CVE-2022-48903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix relocation crash due to premature return from btrfs_commit_transaction()\n\nWe are seeing crashes similar to the following trace:\n\n[38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs]\n[38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54\n[38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs]\n[38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206\n[38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14\n[38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360\n[38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000\n[38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800\n[38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360\n[38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000\n[38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0\n[38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[38.992528] Call Trace:\n[38.992854] \u003cTASK\u003e\n[38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs]\n[38.993941] btrfs_balance+0x78e/0xea0 [btrfs]\n[38.994801] ? vsnprintf+0x33c/0x520\n[38.995368] ? __kmalloc_track_caller+0x351/0x440\n[38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs]\n[38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs]\n[38.997867] ? mod_objcg_state+0xee/0x340\n[38.998552] ? seq_release+0x24/0x30\n[38.999184] ? proc_nr_files+0x30/0x30\n[38.999654] ? call_rcu+0xc8/0x2f0\n[39.000228] ? __x64_sys_ioctl+0x84/0xc0\n[39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]\n[39.001973] __x64_sys_ioctl+0x84/0xc0\n[39.002566] do_syscall_64+0x3a/0x80\n[39.003011] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[39.003735] RIP: 0033:0x7f11c166959b\n[39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b\n[39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003\n[39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0\n[39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3\n[39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001\n[39.015040] \u003c/TASK\u003e\n[39.015418] ---[ end trace 0000000000000000 ]---\n[43.131559] ------------[ cut here ]------------\n[43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717!\n[43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G W 5.17.0-rc4 #54\n[43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs]\n[43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246\n[43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001\n[43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff\n[43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50\n[43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000\n[43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000\n[43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000\n[43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0\n[43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48903",
"url": "https://www.suse.com/security/cve/CVE-2022-48903"
},
{
"category": "external",
"summary": "SUSE Bug 1229613 for CVE-2022-48903",
"url": "https://bugzilla.suse.com/1229613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48903"
},
{
"cve": "CVE-2022-48904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix I/O page table memory leak\n\nThe current logic updates the I/O page table mode for the domain\nbefore calling the logic to free memory used for the page table.\nThis results in IOMMU page table memory leak, and can be observed\nwhen launching VM w/ pass-through devices.\n\nFix by freeing the memory used for page table before updating the mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48904",
"url": "https://www.suse.com/security/cve/CVE-2022-48904"
},
{
"category": "external",
"summary": "SUSE Bug 1229603 for CVE-2022-48904",
"url": "https://bugzilla.suse.com/1229603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2022-48904"
},
{
"cve": "CVE-2022-48905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: free reset-work-item when flushing\n\nFix a tiny memory leak when flushing the reset work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48905",
"url": "https://www.suse.com/security/cve/CVE-2022-48905"
},
{
"category": "external",
"summary": "SUSE Bug 1229604 for CVE-2022-48905",
"url": "https://bugzilla.suse.com/1229604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48905"
},
{
"cve": "CVE-2022-48906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: Correctly set DATA_FIN timeout when number of retransmits is large\n\nSyzkaller with UBSAN uncovered a scenario where a large number of\nDATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN\ntimeout calculation:\n\n================================================================================\nUBSAN: shift-out-of-bounds in net/mptcp/protocol.c:470:29\nshift exponent 32 is too large for 32-bit type \u0027unsigned int\u0027\nCPU: 1 PID: 13059 Comm: kworker/1:0 Not tainted 5.17.0-rc2-00630-g5fbf21c90c60 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: events mptcp_worker\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n ubsan_epilogue+0xb/0x5a lib/ubsan.c:151\n __ubsan_handle_shift_out_of_bounds.cold+0xb2/0x20e lib/ubsan.c:330\n mptcp_set_datafin_timeout net/mptcp/protocol.c:470 [inline]\n __mptcp_retrans.cold+0x72/0x77 net/mptcp/protocol.c:2445\n mptcp_worker+0x58a/0xa70 net/mptcp/protocol.c:2528\n process_one_work+0x9df/0x16d0 kernel/workqueue.c:2307\n worker_thread+0x95/0xe10 kernel/workqueue.c:2454\n kthread+0x2f4/0x3b0 kernel/kthread.c:377\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e\n================================================================================\n\nThis change limits the maximum timeout by limiting the size of the\nshift, which keeps all intermediate values in-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48906",
"url": "https://www.suse.com/security/cve/CVE-2022-48906"
},
{
"category": "external",
"summary": "SUSE Bug 1229605 for CVE-2022-48906",
"url": "https://bugzilla.suse.com/1229605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48906"
},
{
"cve": "CVE-2022-48907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nauxdisplay: lcd2s: Fix memory leak in -\u003eremove()\n\nOnce allocated the struct lcd2s_data is never freed.\nFix the memory leak by switching to devm_kzalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48907",
"url": "https://www.suse.com/security/cve/CVE-2022-48907"
},
{
"category": "external",
"summary": "SUSE Bug 1229608 for CVE-2022-48907",
"url": "https://bugzilla.suse.com/1229608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2022-48907"
},
{
"cve": "CVE-2022-48909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix connection leak\n\nThere\u0027s a potential leak issue under following execution sequence :\n\nsmc_release \t\t\t\tsmc_connect_work\nif (sk-\u003esk_state == SMC_INIT)\n\t\t\t\t\tsend_clc_confirim\n\ttcp_abort();\n\t\t\t\t\t...\n\t\t\t\t\tsk.sk_state = SMC_ACTIVE\nsmc_close_active\nswitch(sk-\u003esk_state) {\n...\ncase SMC_ACTIVE:\n\tsmc_close_final()\n\t// then wait peer closed\n\nUnfortunately, tcp_abort() may discard CLC CONFIRM messages that are\nstill in the tcp send buffer, in which case our connection token cannot\nbe delivered to the server side, which means that we cannot get a\npassive close message at all. Therefore, it is impossible for the to be\ndisconnected at all.\n\nThis patch tries a very simple way to avoid this issue, once the state\nhas changed to SMC_ACTIVE after tcp_abort(), we can actively abort the\nsmc connection, considering that the state is SMC_INIT before\ntcp_abort(), abandoning the complete disconnection process should not\ncause too much problem.\n\nIn fact, this problem may exist as long as the CLC CONFIRM message is\nnot received by the server. Whether a timer should be added after\nsmc_close_final() needs to be discussed in the future. But even so, this\npatch provides a faster release for connection in above case, it should\nalso be valuable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48909",
"url": "https://www.suse.com/security/cve/CVE-2022-48909"
},
{
"category": "external",
"summary": "SUSE Bug 1229611 for CVE-2022-48909",
"url": "https://bugzilla.suse.com/1229611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48909"
},
{
"cve": "CVE-2022-48910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ensure we call ipv6_mc_down() at most once\n\nThere are two reasons for addrconf_notify() to be called with NETDEV_DOWN:\neither the network device is actually going down, or IPv6 was disabled\non the interface.\n\nIf either of them stays down while the other is toggled, we repeatedly\ncall the code for NETDEV_DOWN, including ipv6_mc_down(), while never\ncalling the corresponding ipv6_mc_up() in between. This will cause a\nnew entry in idev-\u003emc_tomb to be allocated for each multicast group\nthe interface is subscribed to, which in turn leaks one struct ifmcaddr6\nper nontrivial multicast group the interface is subscribed to.\n\nThe following reproducer will leak at least $n objects:\n\nip addr add ff2e::4242/32 dev eth0 autojoin\nsysctl -w net.ipv6.conf.eth0.disable_ipv6=1\nfor i in $(seq 1 $n); do\n\tip link set up eth0; ip link set down eth0\ndone\n\nJoining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the\nsysctl net.ipv6.conf.eth0.forwarding to 1 (=\u003e subscribing to ff02::2)\ncan also be used to create a nontrivial idev-\u003emc_list, which will the\nleak objects with the right up-down-sequence.\n\nBased on both sources for NETDEV_DOWN events the interface IPv6 state\nshould be considered:\n\n - not ready if the network interface is not ready OR IPv6 is disabled\n for it\n - ready if the network interface is ready AND IPv6 is enabled for it\n\nThe functions ipv6_mc_up() and ipv6_down() should only be run when this\nstate changes.\n\nImplement this by remembering when the IPv6 state is ready, and only\nrun ipv6_mc_down() if it actually changed from ready to not ready.\n\nThe other direction (not ready -\u003e ready) already works correctly, as:\n\n - the interface notification triggered codepath for NETDEV_UP /\n NETDEV_CHANGE returns early if ipv6 is disabled, and\n - the disable_ipv6=0 triggered codepath skips fully initializing the\n interface as long as addrconf_link_ready(dev) returns false\n - calling ipv6_mc_up() repeatedly does not leak anything",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48910",
"url": "https://www.suse.com/security/cve/CVE-2022-48910"
},
{
"category": "external",
"summary": "SUSE Bug 1229632 for CVE-2022-48910",
"url": "https://bugzilla.suse.com/1229632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48910"
},
{
"cve": "CVE-2022-48912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: fix use-after-free in __nf_register_net_hook()\n\nWe must not dereference @new_hooks after nf_hook_mutex has been released,\nbecause other threads might have freed our allocated hooks already.\n\nBUG: KASAN: use-after-free in nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]\nBUG: KASAN: use-after-free in hooks_validate net/netfilter/core.c:171 [inline]\nBUG: KASAN: use-after-free in __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438\nRead of size 2 at addr ffff88801c1a8000 by task syz-executor237/4430\n\nCPU: 1 PID: 4430 Comm: syz-executor237 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n nf_hook_entries_get_hook_ops include/linux/netfilter.h:130 [inline]\n hooks_validate net/netfilter/core.c:171 [inline]\n __nf_register_net_hook+0x77a/0x820 net/netfilter/core.c:438\n nf_register_net_hook+0x114/0x170 net/netfilter/core.c:571\n nf_register_net_hooks+0x59/0xc0 net/netfilter/core.c:587\n nf_synproxy_ipv6_init+0x85/0xe0 net/netfilter/nf_synproxy_core.c:1218\n synproxy_tg6_check+0x30d/0x560 net/ipv6/netfilter/ip6t_SYNPROXY.c:81\n xt_check_target+0x26c/0x9e0 net/netfilter/x_tables.c:1038\n check_target net/ipv6/netfilter/ip6_tables.c:530 [inline]\n find_check_entry.constprop.0+0x7f1/0x9e0 net/ipv6/netfilter/ip6_tables.c:573\n translate_table+0xc8b/0x1750 net/ipv6/netfilter/ip6_tables.c:735\n do_replace net/ipv6/netfilter/ip6_tables.c:1153 [inline]\n do_ip6t_set_ctl+0x56e/0xb90 net/ipv6/netfilter/ip6_tables.c:1639\n nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101\n ipv6_setsockopt+0x122/0x180 net/ipv6/ipv6_sockglue.c:1024\n rawv6_setsockopt+0xd3/0x6a0 net/ipv6/raw.c:1084\n __sys_setsockopt+0x2db/0x610 net/socket.c:2180\n __do_sys_setsockopt net/socket.c:2191 [inline]\n __se_sys_setsockopt net/socket.c:2188 [inline]\n __x64_sys_setsockopt+0xba/0x150 net/socket.c:2188\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f65a1ace7d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f65a1a7f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f65a1ace7d9\nRDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003\nRBP: 00007f65a1b574c8 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000020000000 R11: 0000000000000246 R12: 00007f65a1b55130\nR13: 00007f65a1b574c0 R14: 00007f65a1b24090 R15: 0000000000022000\n \u003c/TASK\u003e\n\nThe buggy address belongs to the page:\npage:ffffea0000706a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c1a8\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001c1b108 ffffea000046dd08 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 4430, ts 1061781545818, free_ts 1061791488993\n prep_new_page mm/page_alloc.c:2434 [inline]\n get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165\n __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389\n __alloc_pages_node include/linux/gfp.h:572 [inline]\n alloc_pages_node include/linux/gfp.h:595 [inline]\n kmalloc_large_node+0x62/0x130 mm/slub.c:4438\n __kmalloc_node+0x35a/0x4a0 mm/slub.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48912",
"url": "https://www.suse.com/security/cve/CVE-2022-48912"
},
{
"category": "external",
"summary": "SUSE Bug 1229641 for CVE-2022-48912",
"url": "https://bugzilla.suse.com/1229641"
},
{
"category": "external",
"summary": "SUSE Bug 1229644 for CVE-2022-48912",
"url": "https://bugzilla.suse.com/1229644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2022-48912"
},
{
"cve": "CVE-2022-48913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblktrace: fix use after free for struct blk_trace\n\nWhen tracing the whole disk, \u0027dropped\u0027 and \u0027msg\u0027 will be created\nunder \u0027q-\u003edebugfs_dir\u0027 and \u0027bt-\u003edir\u0027 is NULL, thus blk_trace_free()\nwon\u0027t remove those files. What\u0027s worse, the following UAF can be\ntriggered because of accessing stale \u0027dropped\u0027 and \u0027msg\u0027:\n\n==================================================================\nBUG: KASAN: use-after-free in blk_dropped_read+0x89/0x100\nRead of size 4 at addr ffff88816912f3d8 by task blktrace/1188\n\nCPU: 27 PID: 1188 Comm: blktrace Not tainted 5.17.0-rc4-next-20220217+ #469\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-4\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x34/0x44\n print_address_description.constprop.0.cold+0xab/0x381\n ? blk_dropped_read+0x89/0x100\n ? blk_dropped_read+0x89/0x100\n kasan_report.cold+0x83/0xdf\n ? blk_dropped_read+0x89/0x100\n kasan_check_range+0x140/0x1b0\n blk_dropped_read+0x89/0x100\n ? blk_create_buf_file_callback+0x20/0x20\n ? kmem_cache_free+0xa1/0x500\n ? do_sys_openat2+0x258/0x460\n full_proxy_read+0x8f/0xc0\n vfs_read+0xc6/0x260\n ksys_read+0xb9/0x150\n ? vfs_write+0x3d0/0x3d0\n ? fpregs_assert_state_consistent+0x55/0x60\n ? exit_to_user_mode_prepare+0x39/0x1e0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fbc080d92fd\nCode: ce 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 1\nRSP: 002b:00007fbb95ff9cb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 00007fbb95ff9dc0 RCX: 00007fbc080d92fd\nRDX: 0000000000000100 RSI: 00007fbb95ff9cc0 RDI: 0000000000000045\nRBP: 0000000000000045 R08: 0000000000406299 R09: 00000000fffffffd\nR10: 000000000153afa0 R11: 0000000000000293 R12: 00007fbb780008c0\nR13: 00007fbb78000938 R14: 0000000000608b30 R15: 00007fbb780029c8\n \u003c/TASK\u003e\n\nAllocated by task 1050:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n do_blk_trace_setup+0xcb/0x410\n __blk_trace_setup+0xac/0x130\n blk_trace_ioctl+0xe9/0x1c0\n blkdev_ioctl+0xf1/0x390\n __x64_sys_ioctl+0xa5/0xe0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFreed by task 1050:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n __kasan_slab_free+0x103/0x180\n kfree+0x9a/0x4c0\n __blk_trace_remove+0x53/0x70\n blk_trace_ioctl+0x199/0x1c0\n blkdev_common_ioctl+0x5e9/0xb30\n blkdev_ioctl+0x1a5/0x390\n __x64_sys_ioctl+0xa5/0xe0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe buggy address belongs to the object at ffff88816912f380\n which belongs to the cache kmalloc-96 of size 96\nThe buggy address is located 88 bytes inside of\n 96-byte region [ffff88816912f380, ffff88816912f3e0)\nThe buggy address belongs to the page:\npage:000000009a1b4e7c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0f\nflags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)\nraw: 0017ffffc0000200 ffffea00044f1100 dead000000000002 ffff88810004c780\nraw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff88816912f280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff88816912f300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n\u003effff88816912f380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ^\n ffff88816912f400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff88816912f480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48913",
"url": "https://www.suse.com/security/cve/CVE-2022-48913"
},
{
"category": "external",
"summary": "SUSE Bug 1229643 for CVE-2022-48913",
"url": "https://bugzilla.suse.com/1229643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48913"
},
{
"cve": "CVE-2022-48914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: destroy queues before real_num_tx_queues is zeroed\n\nxennet_destroy_queues() relies on info-\u003enetdev-\u003ereal_num_tx_queues to\ndelete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5\n(\"net-sysfs: update the queue counts in the unregistration path\"),\nunregister_netdev() indirectly sets real_num_tx_queues to 0. Those two\nfacts together means, that xennet_destroy_queues() called from\nxennet_remove() cannot do its job, because it\u0027s called after\nunregister_netdev(). This results in kfree-ing queues that are still\nlinked in napi, which ultimately crashes:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 52 Comm: xenwatch Tainted: G W 5.16.10-1.32.fc32.qubes.x86_64+ #226\n RIP: 0010:free_netdev+0xa3/0x1a0\n Code: ff 48 89 df e8 2e e9 00 00 48 8b 43 50 48 8b 08 48 8d b8 a0 fe ff ff 48 8d a9 a0 fe ff ff 49 39 c4 75 26 eb 47 e8 ed c1 66 ff \u003c48\u003e 8b 85 60 01 00 00 48 8d 95 60 01 00 00 48 89 ef 48 2d 60 01 00\n RSP: 0000:ffffc90000bcfd00 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff88800edad000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: ffffc90000bcfc30 RDI: 00000000ffffffff\n RBP: fffffffffffffea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800edad050\n R13: ffff8880065f8f88 R14: 0000000000000000 R15: ffff8880066c6680\n FS: 0000000000000000(0000) GS:ffff8880f3300000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000000e998c006 CR4: 00000000003706e0\n Call Trace:\n \u003cTASK\u003e\n xennet_remove+0x13d/0x300 [xen_netfront]\n xenbus_dev_remove+0x6d/0xf0\n __device_release_driver+0x17a/0x240\n device_release_driver+0x24/0x30\n bus_remove_device+0xd8/0x140\n device_del+0x18b/0x410\n ? _raw_spin_unlock+0x16/0x30\n ? klist_iter_exit+0x14/0x20\n ? xenbus_dev_request_and_reply+0x80/0x80\n device_unregister+0x13/0x60\n xenbus_dev_changed+0x18e/0x1f0\n xenwatch_thread+0xc0/0x1a0\n ? do_wait_intr_irq+0xa0/0xa0\n kthread+0x16b/0x190\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nFix this by calling xennet_destroy_queues() from xennet_uninit(),\nwhen real_num_tx_queues is still available. This ensures that queues are\ndestroyed when real_num_tx_queues is set to 0, regardless of how\nunregister_netdev() was called.\n\nOriginally reported at\nhttps://github.com/QubesOS/qubes-issues/issues/7257",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48914",
"url": "https://www.suse.com/security/cve/CVE-2022-48914"
},
{
"category": "external",
"summary": "SUSE Bug 1229642 for CVE-2022-48914",
"url": "https://bugzilla.suse.com/1229642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48914"
},
{
"cve": "CVE-2022-48915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Fix TZ_GET_TRIP NULL pointer dereference\n\nDo not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if\nthe thermal zone does not define one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48915",
"url": "https://www.suse.com/security/cve/CVE-2022-48915"
},
{
"category": "external",
"summary": "SUSE Bug 1229639 for CVE-2022-48915",
"url": "https://bugzilla.suse.com/1229639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48915"
},
{
"cve": "CVE-2022-48916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix double list_add when enabling VMD in scalable mode\n\nWhen enabling VMD and IOMMU scalable mode, the following kernel panic\ncall trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids\nCPU) during booting:\n\npci 0000:59:00.5: Adding to iommu group 42\n...\nvmd 0000:59:00.5: PCI host bridge to bus 10000:80\npci 10000:80:01.0: [8086:352a] type 01 class 0x060400\npci 10000:80:01.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]\npci 10000:80:01.0: enabling Extended Tags\npci 10000:80:01.0: PME# supported from D0 D3hot D3cold\npci 10000:80:01.0: DMAR: Setup RID2PASID failed\npci 10000:80:01.0: Failed to add to iommu group 42: -16\npci 10000:80:03.0: [8086:352b] type 01 class 0x060400\npci 10000:80:03.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]\npci 10000:80:03.0: enabling Extended Tags\npci 10000:80:03.0: PME# supported from D0 D3hot D3cold\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:29!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.17.0-rc3+ #7\nHardware name: Lenovo ThinkSystem SR650V3/SB27A86647, BIOS ESE101Y-1.00 01/13/2022\nWorkqueue: events work_for_cpu_fn\nRIP: 0010:__list_add_valid.cold+0x26/0x3f\nCode: 9a 4a ab ff 4c 89 c1 48 c7 c7 40 0c d9 9e e8 b9 b1 fe ff 0f\n 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 f0 0c d9 9e e8 a2 b1\n fe ff \u003c0f\u003e 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 98 0c d9\n 9e e8 8b b1 fe\nRSP: 0000:ff5ad434865b3a40 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ff4d61160b74b880 RCX: ff4d61255e1fffa8\nRDX: 0000000000000000 RSI: 00000000fffeffff RDI: ffffffff9fd34f20\nRBP: ff4d611d8e245c00 R08: 0000000000000000 R09: ff5ad434865b3888\nR10: ff5ad434865b3880 R11: ff4d61257fdc6fe8 R12: ff4d61160b74b8a0\nR13: ff4d61160b74b8a0 R14: ff4d611d8e245c10 R15: ff4d611d8001ba70\nFS: 0000000000000000(0000) GS:ff4d611d5ea00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ff4d611fa1401000 CR3: 0000000aa0210001 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n intel_pasid_alloc_table+0x9c/0x1d0\n dmar_insert_one_dev_info+0x423/0x540\n ? device_to_iommu+0x12d/0x2f0\n intel_iommu_attach_device+0x116/0x290\n __iommu_attach_device+0x1a/0x90\n iommu_group_add_device+0x190/0x2c0\n __iommu_probe_device+0x13e/0x250\n iommu_probe_device+0x24/0x150\n iommu_bus_notifier+0x69/0x90\n blocking_notifier_call_chain+0x5a/0x80\n device_add+0x3db/0x7b0\n ? arch_memremap_can_ram_remap+0x19/0x50\n ? memremap+0x75/0x140\n pci_device_add+0x193/0x1d0\n pci_scan_single_device+0xb9/0xf0\n pci_scan_slot+0x4c/0x110\n pci_scan_child_bus_extend+0x3a/0x290\n vmd_enable_domain.constprop.0+0x63e/0x820\n vmd_probe+0x163/0x190\n local_pci_probe+0x42/0x80\n work_for_cpu_fn+0x13/0x20\n process_one_work+0x1e2/0x3b0\n worker_thread+0x1c4/0x3a0\n ? rescuer_thread+0x370/0x370\n kthread+0xc7/0xf0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\n...\nKernel panic - not syncing: Fatal exception\nKernel Offset: 0x1ca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n---[ end Kernel panic - not syncing: Fatal exception ]---\n\nThe following \u0027lspci\u0027 output shows devices \u002710000:80:*\u0027 are subdevices of\nthe VMD device 0000:59:00.5:\n\n $ lspci\n ...\n 0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20)\n ...\n 10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03)\n 10000:80:03.0 PCI bridge: Intel Corporation Device 352b (rev 03)\n 10000:80:05.0 PCI bridge: Intel Corporation Device 352c (rev 03)\n 10000:80:07.0 PCI bridge: Intel Corporation Device 352d (rev 03)\n 10000:81:00.0 Non-Volatile memory controller: Intel Corporation NVMe Datacenter SSD [3DNAND, Beta Rock Controller]\n 10000:82:00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48916",
"url": "https://www.suse.com/security/cve/CVE-2022-48916"
},
{
"category": "external",
"summary": "SUSE Bug 1229638 for CVE-2022-48916",
"url": "https://bugzilla.suse.com/1229638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48916"
},
{
"cve": "CVE-2022-48917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48917"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48917",
"url": "https://www.suse.com/security/cve/CVE-2022-48917"
},
{
"category": "external",
"summary": "SUSE Bug 1229637 for CVE-2022-48917",
"url": "https://bugzilla.suse.com/1229637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48917"
},
{
"cve": "CVE-2022-48918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: mvm: check debugfs_dir ptr before use\n\nWhen \"debugfs=off\" is used on the kernel command line, iwiwifi\u0027s\nmvm module uses an invalid/unchecked debugfs_dir pointer and causes\na BUG:\n\n BUG: kernel NULL pointer dereference, address: 000000000000004f\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 503 Comm: modprobe Tainted: G W 5.17.0-rc5 #7\n Hardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021\n RIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm]\n Code: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c \u003c48\u003e 8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73\n RSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246\n RAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328\n RDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c\n RBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620\n R10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000\n R13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320\n FS: 00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm]\n iwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm]\n iwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm]\n _iwl_op_mode_start+0x6f/0xd0 [iwlwifi]\n iwl_opmode_register+0x6a/0xe0 [iwlwifi]\n ? 0xffffffffa0231000\n iwl_mvm_init+0x35/0x1000 [iwlmvm]\n ? 0xffffffffa0231000\n do_one_initcall+0x5a/0x1b0\n ? kmem_cache_alloc+0x1e5/0x2f0\n ? do_init_module+0x1e/0x220\n do_init_module+0x48/0x220\n load_module+0x2602/0x2bc0\n ? __kernel_read+0x145/0x2e0\n ? kernel_read_file+0x229/0x290\n __do_sys_finit_module+0xc5/0x130\n ? __do_sys_finit_module+0xc5/0x130\n __x64_sys_finit_module+0x13/0x20\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f64dda564dd\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd\n RDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001\n RBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002\n R10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2\n R13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018\n \u003c/TASK\u003e\n Modules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev\n CR2: 000000000000004f\n ---[ end trace 0000000000000000 ]---\n\nCheck the debugfs_dir pointer for an error before using it.\n\n[change to make both conditional]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48918",
"url": "https://www.suse.com/security/cve/CVE-2022-48918"
},
{
"category": "external",
"summary": "SUSE Bug 1229636 for CVE-2022-48918",
"url": "https://bugzilla.suse.com/1229636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48918"
},
{
"cve": "CVE-2022-48919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix double free race when mount fails in cifs_get_root()\n\nWhen cifs_get_root() fails during cifs_smb3_do_mount() we call\ndeactivate_locked_super() which eventually will call delayed_free() which\nwill free the context.\nIn this situation we should not proceed to enter the out: section in\ncifs_smb3_do_mount() and free the same resources a second time.\n\n[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0\n\n[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4\n[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019\n[Thu Feb 10 12:59:06 2022] Call Trace:\n[Thu Feb 10 12:59:06 2022] \u003cIRQ\u003e\n[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78\n[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0\n[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60\n[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0\n[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0\n[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20\n[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140\n[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10\n[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b\n[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150\n[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30\n[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0\n...\n[Thu Feb 10 12:59:07 2022] Freed by task 58179:\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\n[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30\n[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40\n[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170\n[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20\n[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0\n[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs]\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thu Feb 10 12:59:07 2022] Last potentially related work creation:\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\n[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0\n[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10\n[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0\n[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs]\n[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs]\n[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs]\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48919",
"url": "https://www.suse.com/security/cve/CVE-2022-48919"
},
{
"category": "external",
"summary": "SUSE Bug 1229657 for CVE-2022-48919",
"url": "https://bugzilla.suse.com/1229657"
},
{
"category": "external",
"summary": "SUSE Bug 1229660 for CVE-2022-48919",
"url": "https://bugzilla.suse.com/1229660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48919"
},
{
"cve": "CVE-2022-48920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: get rid of warning on transaction commit when using flushoncommit\n\nWhen using the flushoncommit mount option, during almost every transaction\ncommit we trigger a warning from __writeback_inodes_sb_nr():\n\n $ cat fs/fs-writeback.c:\n (...)\n static void __writeback_inodes_sb_nr(struct super_block *sb, ...\n {\n (...)\n WARN_ON(!rwsem_is_locked(\u0026sb-\u003es_umount));\n (...)\n }\n (...)\n\nThe trace produced in dmesg looks like the following:\n\n [947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3\n [947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif\n [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186\n [947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3\n [947.502097] Code: 24 10 4c 89 44 24 18 c6 (...)\n [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246\n [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000\n [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50\n [947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000\n [947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488\n [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460\n [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000\n [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0\n [947.571072] Call Trace:\n [947.572354] \u003cTASK\u003e\n [947.573266] btrfs_commit_transaction+0x1f1/0x998\n [947.576785] ? start_transaction+0x3ab/0x44e\n [947.579867] ? schedule_timeout+0x8a/0xdd\n [947.582716] transaction_kthread+0xe9/0x156\n [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407\n [947.590104] kthread+0x131/0x139\n [947.592168] ? set_kthread_struct+0x32/0x32\n [947.595174] ret_from_fork+0x22/0x30\n [947.597561] \u003c/TASK\u003e\n [947.598553] ---[ end trace 644721052755541c ]---\n\nThis is because we started using writeback_inodes_sb() to flush delalloc\nwhen committing a transaction (when using -o flushoncommit), in order to\navoid deadlocks with filesystem freeze operations. This change was made\nby commit ce8ea7cc6eb313 (\"btrfs: don\u0027t call btrfs_start_delalloc_roots\nin flushoncommit\"). After that change we started producing that warning,\nand every now and then a user reports this since the warning happens too\noften, it spams dmesg/syslog, and a user is unsure if this reflects any\nproblem that might compromise the filesystem\u0027s reliability.\n\nWe can not just lock the sb-\u003es_umount semaphore before calling\nwriteback_inodes_sb(), because that would at least deadlock with\nfilesystem freezing, since at fs/super.c:freeze_super() sync_filesystem()\nis called while we are holding that semaphore in write mode, and that can\ntrigger a transaction commit, resulting in a deadlock. It would also\ntrigger the same type of deadlock in the unmount path. Possibly, it could\nalso introduce some other locking dependencies that lockdep would report.\n\nTo fix this call try_to_writeback_inodes_sb() instead of\nwriteback_inodes_sb(), because that will try to read lock sb-\u003es_umount\nand then will only call writeback_inodes_sb() if it was able to lock it.\nThis is fine because the cases where it can\u0027t read lock sb-\u003es_umount\nare during a filesystem unmount or during a filesystem freeze - in those\ncases sb-\u003es_umount is write locked and sync_filesystem() is called, which\ncalls writeback_inodes_sb(). In other words, in all cases where we can\u0027t\ntake a read lock on sb-\u003es_umount, writeback is already being triggered\nelsewhere.\n\nAn alternative would be to call btrfs_start_delalloc_roots() with a\nnumber of pages different from LONG_MAX, for example matching the number\nof delalloc bytes we currently have, in \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48920",
"url": "https://www.suse.com/security/cve/CVE-2022-48920"
},
{
"category": "external",
"summary": "SUSE Bug 1229658 for CVE-2022-48920",
"url": "https://bugzilla.suse.com/1229658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48920"
},
{
"cve": "CVE-2022-48921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix fault in reweight_entity\n\nSyzbot found a GPF in reweight_entity. This has been bisected to\ncommit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an invalid\nsched_task_group\")\n\nThere is a race between sched_post_fork() and setpriority(PRIO_PGRP)\nwithin a thread group that causes a null-ptr-deref in\nreweight_entity() in CFS. The scenario is that the main process spawns\nnumber of new threads, which then call setpriority(PRIO_PGRP, 0, -20),\nwait, and exit. For each of the new threads the copy_process() gets\ninvoked, which adds the new task_struct and calls sched_post_fork()\nfor it.\n\nIn the above scenario there is a possibility that\nsetpriority(PRIO_PGRP) and set_one_prio() will be called for a thread\nin the group that is just being created by copy_process(), and for\nwhich the sched_post_fork() has not been executed yet. This will\ntrigger a null pointer dereference in reweight_entity(), as it will\ntry to access the run queue pointer, which hasn\u0027t been set.\n\nBefore the mentioned change the cfs_rq pointer for the task has been\nset in sched_fork(), which is called much earlier in copy_process(),\nbefore the new task is added to the thread_group. Now it is done in\nthe sched_post_fork(), which is called after that. To fix the issue\nthe remove the update_load param from the update_load param() function\nand call reweight_task() only if the task flag doesn\u0027t have the\nTASK_NEW flag set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48921",
"url": "https://www.suse.com/security/cve/CVE-2022-48921"
},
{
"category": "external",
"summary": "SUSE Bug 1229635 for CVE-2022-48921",
"url": "https://bugzilla.suse.com/1229635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48921"
},
{
"cve": "CVE-2022-48923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: prevent copying too big compressed lzo segment\n\nCompressed length can be corrupted to be a lot larger than memory\nwe have allocated for buffer.\nThis will cause memcpy in copy_compressed_segment to write outside\nof allocated memory.\n\nThis mostly results in stuck read syscall but sometimes when using\nbtrfs send can get #GP\n\n kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI\n kernel: CPU: 17 PID: 264 Comm: kworker/u256:7 Tainted: P OE 5.17.0-rc2-1 #12\n kernel: Workqueue: btrfs-endio btrfs_work_helper [btrfs]\n kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs/btrfs/lzo.c:322 fs/btrfs/lzo.c:394) btrfs\n Code starting with the faulting instruction\n ===========================================\n 0:* 48 8b 06 mov (%rsi),%rax \u003c-- trapping instruction\n 3: 48 8d 79 08 lea 0x8(%rcx),%rdi\n 7: 48 83 e7 f8 and $0xfffffffffffffff8,%rdi\n b: 48 89 01 mov %rax,(%rcx)\n e: 44 89 f0 mov %r14d,%eax\n 11: 48 8b 54 06 f8 mov -0x8(%rsi,%rax,1),%rdx\n kernel: RSP: 0018:ffffb110812efd50 EFLAGS: 00010212\n kernel: RAX: 0000000000001000 RBX: 000000009ca264c8 RCX: ffff98996e6d8ff8\n kernel: RDX: 0000000000000064 RSI: 000841551d5c1000 RDI: ffffffff9500435d\n kernel: RBP: ffff989a3be856c0 R08: 0000000000000000 R09: 0000000000000000\n kernel: R10: 0000000000000000 R11: 0000000000001000 R12: ffff98996e6d8000\n kernel: R13: 0000000000000008 R14: 0000000000001000 R15: 000841551d5c1000\n kernel: FS: 0000000000000000(0000) GS:ffff98a09d640000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 00001e9f984d9ea8 CR3: 000000014971a000 CR4: 00000000003506e0\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: end_compressed_bio_read (fs/btrfs/compression.c:104 fs/btrfs/compression.c:1363 fs/btrfs/compression.c:323) btrfs\n kernel: end_workqueue_fn (fs/btrfs/disk-io.c:1923) btrfs\n kernel: btrfs_work_helper (fs/btrfs/async-thread.c:326) btrfs\n kernel: process_one_work (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/workqueue.h:108 kernel/workqueue.c:2312)\n kernel: worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2455)\n kernel: ? process_one_work (kernel/workqueue.c:2397)\n kernel: kthread (kernel/kthread.c:377)\n kernel: ? kthread_complete_and_exit (kernel/kthread.c:332)\n kernel: ret_from_fork (arch/x86/entry/entry_64.S:301)\n kernel: \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48923",
"url": "https://www.suse.com/security/cve/CVE-2022-48923"
},
{
"category": "external",
"summary": "SUSE Bug 1229662 for CVE-2022-48923",
"url": "https://bugzilla.suse.com/1229662"
},
{
"category": "external",
"summary": "SUSE Bug 1229663 for CVE-2022-48923",
"url": "https://bugzilla.suse.com/1229663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2022-48923"
},
{
"cve": "CVE-2022-48924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: fix memory leak in int3400_notify()\n\nIt is easy to hit the below memory leaks in my TigerLake platform:\n\nunreferenced object 0xffff927c8b91dbc0 (size 32):\n comm \"kworker/0:2\", pid 112, jiffies 4294893323 (age 83.604s)\n hex dump (first 32 bytes):\n 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The\n 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk.\n backtrace:\n [\u003cffffffff9c502c3e\u003e] __kmalloc_track_caller+0x2fe/0x4a0\n [\u003cffffffff9c7b7c15\u003e] kvasprintf+0x65/0xd0\n [\u003cffffffff9c7b7d6e\u003e] kasprintf+0x4e/0x70\n [\u003cffffffffc04cb662\u003e] int3400_notify+0x82/0x120 [int3400_thermal]\n [\u003cffffffff9c8b7358\u003e] acpi_ev_notify_dispatch+0x54/0x71\n [\u003cffffffff9c88f1a7\u003e] acpi_os_execute_deferred+0x17/0x30\n [\u003cffffffff9c2c2c0a\u003e] process_one_work+0x21a/0x3f0\n [\u003cffffffff9c2c2e2a\u003e] worker_thread+0x4a/0x3b0\n [\u003cffffffff9c2cb4dd\u003e] kthread+0xfd/0x130\n [\u003cffffffff9c201c1f\u003e] ret_from_fork+0x1f/0x30\n\nFix it by calling kfree() accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48924",
"url": "https://www.suse.com/security/cve/CVE-2022-48924"
},
{
"category": "external",
"summary": "SUSE Bug 1229631 for CVE-2022-48924",
"url": "https://bugzilla.suse.com/1229631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48924"
},
{
"cve": "CVE-2022-48925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Do not change route.addr.src_addr outside state checks\n\nIf the state is not idle then resolve_prepare_src() should immediately\nfail and no change to global state should happen. However, it\nunconditionally overwrites the src_addr trying to build a temporary any\naddress.\n\nFor instance if the state is already RDMA_CM_LISTEN then this will corrupt\nthe src_addr and would cause the test in cma_cancel_operation():\n\n if (cma_any_addr(cma_src_addr(id_priv)) \u0026\u0026 !id_priv-\u003ecma_dev)\n\nWhich would manifest as this trace from syzkaller:\n\n BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26\n Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204\n\n CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n Call Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x141/0x1d7 lib/dump_stack.c:120\n print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232\n __kasan_report mm/kasan/report.c:399 [inline]\n kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416\n __list_add_valid+0x93/0xa0 lib/list_debug.c:26\n __list_add include/linux/list.h:67 [inline]\n list_add_tail include/linux/list.h:100 [inline]\n cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline]\n rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751\n ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102\n ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x28e/0xa30 fs/read_write.c:603\n ksys_write+0x1ee/0x250 fs/read_write.c:658\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis is indicating that an rdma_id_private was destroyed without doing\ncma_cancel_listens().\n\nInstead of trying to re-use the src_addr memory to indirectly create an\nany address derived from the dst build one explicitly on the stack and\nbind to that as any other normal flow would do. rdma_bind_addr() will copy\nit over the src_addr once it knows the state is valid.\n\nThis is similar to commit bc0bdc5afaa7 (\"RDMA/cma: Do not change\nroute.addr.src_addr.ss_family\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48925",
"url": "https://www.suse.com/security/cve/CVE-2022-48925"
},
{
"category": "external",
"summary": "SUSE Bug 1229630 for CVE-2022-48925",
"url": "https://bugzilla.suse.com/1229630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48925"
},
{
"cve": "CVE-2022-48926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: rndis: add spinlock for rndis response list\n\nThere\u0027s no lock for rndis response list. It could cause list corruption\nif there\u0027re two different list_add at the same time like below.\nIt\u0027s better to add in rndis_add_response / rndis_free_response\n/ rndis_get_next_response to prevent any race condition on response list.\n\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\nnext-\u003eprev should be prev (ffffff80651764d0),\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\n\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48926",
"url": "https://www.suse.com/security/cve/CVE-2022-48926"
},
{
"category": "external",
"summary": "SUSE Bug 1229629 for CVE-2022-48926",
"url": "https://bugzilla.suse.com/1229629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48926"
},
{
"cve": "CVE-2022-48927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: tsc2046: fix memory corruption by preventing array overflow\n\nOn one side we have indio_dev-\u003enum_channels includes all physical channels +\ntimestamp channel. On other side we have an array allocated only for\nphysical channels. So, fix memory corruption by ARRAY_SIZE() instead of\nnum_channels variable.\n\nNote the first case is a cleanup rather than a fix as the software\ntimestamp channel bit in active_scanmask is never set by the IIO core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48927",
"url": "https://www.suse.com/security/cve/CVE-2022-48927"
},
{
"category": "external",
"summary": "SUSE Bug 1229628 for CVE-2022-48927",
"url": "https://bugzilla.suse.com/1229628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48927"
},
{
"cve": "CVE-2022-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: men_z188_adc: Fix a resource leak in an error handling path\n\nIf iio_device_register() fails, a previous ioremap() is left unbalanced.\n\nUpdate the error handling path and add the missing iounmap() call, as\nalready done in the remove function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48928",
"url": "https://www.suse.com/security/cve/CVE-2022-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1229626 for CVE-2022-48928",
"url": "https://bugzilla.suse.com/1229626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48928"
},
{
"cve": "CVE-2022-48929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de (\"bpf: Support bpf program calling kernel function\") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 (\"bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL\")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg-\u003etype to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48929",
"url": "https://www.suse.com/security/cve/CVE-2022-48929"
},
{
"category": "external",
"summary": "SUSE Bug 1229625 for CVE-2022-48929",
"url": "https://bugzilla.suse.com/1229625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48929"
},
{
"cve": "CVE-2022-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ib_srp: Fix a deadlock\n\nRemove the flush_workqueue(system_long_wq) call since flushing\nsystem_long_wq is deadlock-prone and since that call is redundant with a\npreceding cancel_work_sync()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48930",
"url": "https://www.suse.com/security/cve/CVE-2022-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1229624 for CVE-2022-48930",
"url": "https://bugzilla.suse.com/1229624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48930"
},
{
"cve": "CVE-2022-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix a race in configfs_{,un}register_subsystem()\n\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\n\nOne of cases is:\nA --\u003e B --\u003e C --\u003e D\nA \u003c-- B \u003c-- C \u003c-- D\n\n delete list_head *B | delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem | configfs_unregister_subsystem\n unlink_group | unlink_group\n unlink_obj | unlink_obj\n list_del_init | list_del_init\n __list_del_entry | __list_del_entry\n __list_del | __list_del\n // next == C |\n next-\u003eprev = prev |\n | next-\u003eprev = prev\n prev-\u003enext = next |\n | // prev == B\n | prev-\u003enext = next\n\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48931",
"url": "https://www.suse.com/security/cve/CVE-2022-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1229623 for CVE-2022-48931",
"url": "https://bugzilla.suse.com/1229623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48931"
},
{
"cve": "CVE-2022-48932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte\n\nWhen adding a rule with 32 destinations, we hit the following out-of-band\naccess issue:\n\n BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70\n\nThis patch fixes the issue by both increasing the allocated buffers to\naccommodate for the needed actions and by checking the number of actions\nto prevent this issue when a rule with too many actions is provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48932",
"url": "https://www.suse.com/security/cve/CVE-2022-48932"
},
{
"category": "external",
"summary": "SUSE Bug 1229622 for CVE-2022-48932",
"url": "https://bugzilla.suse.com/1229622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48932"
},
{
"cve": "CVE-2022-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()\n\nida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)\ninclusive.\nSo NFP_MAX_MAC_INDEX (0xff) is a valid id.\n\nIn order for the error handling path to work correctly, the \u0027invalid\u0027\nvalue for \u0027ida_idx\u0027 should not be in the 0..NFP_MAX_MAC_INDEX range,\ninclusive.\n\nSo set it to -1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48934",
"url": "https://www.suse.com/security/cve/CVE-2022-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1229620 for CVE-2022-48934",
"url": "https://bugzilla.suse.com/1229620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48934"
},
{
"cve": "CVE-2022-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: add a schedule point in io_add_buffers()\n\nLooping ~65535 times doing kmalloc() calls can trigger soft lockups,\nespecially with DEBUG features (like KASAN).\n\n[ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575]\n[ 253.544433] Modules linked in: vfat fat i2c_mux_pca954x i2c_mux spidev cdc_acm xhci_pci xhci_hcd sha3_generic gq(O)\n[ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-DEV #801\n[ 253.544457] RIP: 0010:kernel_text_address (./include/asm-generic/sections.h:192 ./include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98)\n[ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb \u003c48\u003e c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40\n[ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246\n[ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001\n[ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a\n[ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004\n[ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380\n[ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0\n[ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000\n[ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0\n[ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 253.544494] Call Trace:\n[ 253.544496] \u003cTASK\u003e\n[ 253.544498] ? io_queue_sqe (fs/io_uring.c:7143)\n[ 253.544505] __kernel_text_address (kernel/extable.c:78)\n[ 253.544508] unwind_get_return_address (arch/x86/kernel/unwind_frame.c:19)\n[ 253.544514] arch_stack_walk (arch/x86/kernel/stacktrace.c:27)\n[ 253.544517] ? io_queue_sqe (fs/io_uring.c:7143)\n[ 253.544521] stack_trace_save (kernel/stacktrace.c:123)\n[ 253.544527] ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515)\n[ 253.544531] ? ____kasan_kmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515)\n[ 253.544533] ? __kasan_kmalloc (mm/kasan/common.c:524)\n[ 253.544535] ? kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567)\n[ 253.544541] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)\n[ 253.544544] ? __io_queue_sqe (fs/io_uring.c:?)\n[ 253.544551] __kasan_kmalloc (mm/kasan/common.c:524)\n[ 253.544553] kmem_cache_alloc_trace (./include/linux/kasan.h:270 mm/slab.c:3567)\n[ 253.544556] ? io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)\n[ 253.544560] io_issue_sqe (fs/io_uring.c:4556 fs/io_uring.c:4589 fs/io_uring.c:6828)\n[ 253.544564] ? __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n[ 253.544567] ? __kasan_slab_alloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n[ 253.544569] ? kmem_cache_alloc_bulk (mm/slab.h:732 mm/slab.c:3546)\n[ 253.544573] ? __io_alloc_req_refill (fs/io_uring.c:2078)\n[ 253.544578] ? io_submit_sqes (fs/io_uring.c:7441)\n[ 253.544581] ? __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uring.c:10096)\n[ 253.544584] ? __x64_sys_io_uring_enter (fs/io_uring.c:10096)\n[ 253.544587] ? do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n[ 253.544590] ? entry_SYSCALL_64_after_hwframe (??:?)\n[ 253.544596] __io_queue_sqe (fs/io_uring.c:?)\n[ 253.544600] io_queue_sqe (fs/io_uring.c:7143)\n[ 253.544603] io_submit_sqe (fs/io_uring.c:?)\n[ 253.544608] io_submit_sqes (fs/io_uring.c:?)\n[ 253.544612] __se_sys_io_uring_enter (fs/io_uring.c:10154 fs/io_uri\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48937",
"url": "https://www.suse.com/security/cve/CVE-2022-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1229617 for CVE-2022-48937",
"url": "https://bugzilla.suse.com/1229617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48937"
},
{
"cve": "CVE-2022-48938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nCDC-NCM: avoid overflow in sanity checking\n\nA broken device may give an extreme offset like 0xFFF0\nand a reasonable length for a fragment. In the sanity\ncheck as formulated now, this will create an integer\noverflow, defeating the sanity check. Both offset\nand offset + len need to be checked in such a manner\nthat no overflow can occur.\nAnd those quantities should be unsigned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48938",
"url": "https://www.suse.com/security/cve/CVE-2022-48938"
},
{
"category": "external",
"summary": "SUSE Bug 1229664 for CVE-2022-48938",
"url": "https://bugzilla.suse.com/1229664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48938"
},
{
"cve": "CVE-2022-48939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add schedule points in batch ops\n\nsyzbot reported various soft lockups caused by bpf batch operations.\n\n INFO: task kworker/1:1:27 blocked for more than 140 seconds.\n INFO: task hung in rcu_barrier\n\nNothing prevents batch ops to process huge amount of data,\nwe need to add schedule points in them.\n\nNote that maybe_wait_bpf_programs(map) calls from\ngeneric_map_delete_batch() can be factorized by moving\nthe call after the loop.\n\nThis will be done later in -next tree once we get this fix merged,\nunless there is strong opinion doing this optimization sooner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48939",
"url": "https://www.suse.com/security/cve/CVE-2022-48939"
},
{
"category": "external",
"summary": "SUSE Bug 1229616 for CVE-2022-48939",
"url": "https://bugzilla.suse.com/1229616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48939"
},
{
"cve": "CVE-2022-48940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to incorrect copy_map_value\n\nWhen both bpf_spin_lock and bpf_timer are present in a BPF map value,\ncopy_map_value needs to skirt both objects when copying a value into and\nout of the map. However, the current code does not set both s_off and\nt_off in copy_map_value, which leads to a crash when e.g. bpf_spin_lock\nis placed in map value with bpf_timer, as bpf_map_update_elem call will\nbe able to overwrite the other timer object.\n\nWhen the issue is not fixed, an overwriting can produce the following\nsplat:\n\n[root@(none) bpf]# ./test_progs -t timer_crash\n[ 15.930339] bpf_testmod: loading out-of-tree module taints kernel.\n[ 16.037849] ==================================================================\n[ 16.038458] BUG: KASAN: user-memory-access in __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.038944] Write of size 8 at addr 0000000000043ec0 by task test_progs/325\n[ 16.039399]\n[ 16.039514] CPU: 0 PID: 325 Comm: test_progs Tainted: G OE 5.16.0+ #278\n[ 16.039983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ArchLinux 1.15.0-1 04/01/2014\n[ 16.040485] Call Trace:\n[ 16.040645] \u003cTASK\u003e\n[ 16.040805] dump_stack_lvl+0x59/0x73\n[ 16.041069] ? __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.041427] kasan_report.cold+0x116/0x11b\n[ 16.041673] ? __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.042040] __pv_queued_spin_lock_slowpath+0x32b/0x520\n[ 16.042328] ? memcpy+0x39/0x60\n[ 16.042552] ? pv_hash+0xd0/0xd0\n[ 16.042785] ? lockdep_hardirqs_off+0x95/0xd0\n[ 16.043079] __bpf_spin_lock_irqsave+0xdf/0xf0\n[ 16.043366] ? bpf_get_current_comm+0x50/0x50\n[ 16.043608] ? jhash+0x11a/0x270\n[ 16.043848] bpf_timer_cancel+0x34/0xe0\n[ 16.044119] bpf_prog_c4ea1c0f7449940d_sys_enter+0x7c/0x81\n[ 16.044500] bpf_trampoline_6442477838_0+0x36/0x1000\n[ 16.044836] __x64_sys_nanosleep+0x5/0x140\n[ 16.045119] do_syscall_64+0x59/0x80\n[ 16.045377] ? lock_is_held_type+0xe4/0x140\n[ 16.045670] ? irqentry_exit_to_user_mode+0xa/0x40\n[ 16.046001] ? mark_held_locks+0x24/0x90\n[ 16.046287] ? asm_exc_page_fault+0x1e/0x30\n[ 16.046569] ? asm_exc_page_fault+0x8/0x30\n[ 16.046851] ? lockdep_hardirqs_on+0x7e/0x100\n[ 16.047137] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 16.047405] RIP: 0033:0x7f9e4831718d\n[ 16.047602] Code: b4 0c 00 0f 05 eb a9 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d b3 6c 0c 00 f7 d8 64 89 01 48\n[ 16.048764] RSP: 002b:00007fff488086b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000023\n[ 16.049275] RAX: ffffffffffffffda RBX: 00007f9e48683740 RCX: 00007f9e4831718d\n[ 16.049747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fff488086d0\n[ 16.050225] RBP: 00007fff488086f0 R08: 00007fff488085d7 R09: 00007f9e4cb594a0\n[ 16.050648] R10: 0000000000000000 R11: 0000000000000206 R12: 00007f9e484cde30\n[ 16.051124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 16.051608] \u003c/TASK\u003e\n[ 16.051762] ==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48940",
"url": "https://www.suse.com/security/cve/CVE-2022-48940"
},
{
"category": "external",
"summary": "SUSE Bug 1229615 for CVE-2022-48940",
"url": "https://bugzilla.suse.com/1229615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48940"
},
{
"cve": "CVE-2022-48941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix concurrent reset and removal of VFs\n\nCommit c503e63200c6 (\"ice: Stop processing VF messages during teardown\")\nintroduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is\nintended to prevent some issues with concurrently handling messages from\nVFs while tearing down the VFs.\n\nThis change was motivated by crashes caused while tearing down and\nbringing up VFs in rapid succession.\n\nIt turns out that the fix actually introduces issues with the VF driver\ncaused because the PF no longer responds to any messages sent by the VF\nduring its .remove routine. This results in the VF potentially removing\nits DMA memory before the PF has shut down the device queues.\n\nAdditionally, the fix doesn\u0027t actually resolve concurrency issues within\nthe ice driver. It is possible for a VF to initiate a reset just prior\nto the ice driver removing VFs. This can result in the remove task\nconcurrently operating while the VF is being reset. This results in\nsimilar memory corruption and panics purportedly fixed by that commit.\n\nFix this concurrency at its root by protecting both the reset and\nremoval flows using the existing VF cfg_lock. This ensures that we\ncannot remove the VF while any outstanding critical tasks such as a\nvirtchnl message or a reset are occurring.\n\nThis locking change also fixes the root cause originally fixed by commit\nc503e63200c6 (\"ice: Stop processing VF messages during teardown\"), so we\ncan simply revert it.\n\nNote that I kept these two changes together because simply reverting the\noriginal commit alone would leave the driver vulnerable to worse race\nconditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48941",
"url": "https://www.suse.com/security/cve/CVE-2022-48941"
},
{
"category": "external",
"summary": "SUSE Bug 1229614 for CVE-2022-48941",
"url": "https://bugzilla.suse.com/1229614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48941"
},
{
"cve": "CVE-2022-48942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48942"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: Handle failure to register sensor with thermal zone correctly\n\nIf an attempt is made to a sensor with a thermal zone and it fails,\nthe call to devm_thermal_zone_of_sensor_register() may return -ENODEV.\nThis may result in crashes similar to the following.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000003cd\n...\nInternal error: Oops: 96000021 [#1] PREEMPT SMP\n...\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mutex_lock+0x18/0x60\nlr : thermal_zone_device_update+0x40/0x2e0\nsp : ffff800014c4fc60\nx29: ffff800014c4fc60 x28: ffff365ee3f6e000 x27: ffffdde218426790\nx26: ffff365ee3f6e000 x25: 0000000000000000 x24: ffff365ee3f6e000\nx23: ffffdde218426870 x22: ffff365ee3f6e000 x21: 00000000000003cd\nx20: ffff365ee8bf3308 x19: ffffffffffffffed x18: 0000000000000000\nx17: ffffdde21842689c x16: ffffdde1cb7a0b7c x15: 0000000000000040\nx14: ffffdde21a4889a0 x13: 0000000000000228 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\nx8 : 0000000001120000 x7 : 0000000000000001 x6 : 0000000000000000\nx5 : 0068000878e20f07 x4 : 0000000000000000 x3 : 00000000000003cd\nx2 : ffff365ee3f6e000 x1 : 0000000000000000 x0 : 00000000000003cd\nCall trace:\n mutex_lock+0x18/0x60\n hwmon_notify_event+0xfc/0x110\n 0xffffdde1cb7a0a90\n 0xffffdde1cb7a0b7c\n irq_thread_fn+0x2c/0xa0\n irq_thread+0x134/0x240\n kthread+0x178/0x190\n ret_from_fork+0x10/0x20\nCode: d503201f d503201f d2800001 aa0103e4 (c8e47c02)\n\nJon Hunter reports that the exact call sequence is:\n\nhwmon_notify_event()\n --\u003e hwmon_thermal_notify()\n --\u003e thermal_zone_device_update()\n --\u003e update_temperature()\n --\u003e mutex_lock()\n\nThe hwmon core needs to handle all errors returned from calls\nto devm_thermal_zone_of_sensor_register(). If the call fails\nwith -ENODEV, report that the sensor was not attached to a\nthermal zone but continue to register the hwmon device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48942",
"url": "https://www.suse.com/security/cve/CVE-2022-48942"
},
{
"category": "external",
"summary": "SUSE Bug 1229612 for CVE-2022-48942",
"url": "https://bugzilla.suse.com/1229612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48942"
},
{
"cve": "CVE-2022-48943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: make apf token non-zero to fix bug\n\nIn current async pagefault logic, when a page is ready, KVM relies on\nkvm_arch_can_dequeue_async_page_present() to determine whether to deliver\na READY event to the Guest. This function test token value of struct\nkvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a\nREADY event is finished by Guest. If value is zero meaning that a READY\nevent is done, so the KVM can deliver another.\nBut the kvm_arch_setup_async_pf() may produce a valid token with zero\nvalue, which is confused with previous mention and may lead the loss of\nthis READY event.\n\nThis bug may cause task blocked forever in Guest:\n INFO: task stress:7532 blocked for more than 1254 seconds.\n Not tainted 5.10.0 #16\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:stress state:D stack: 0 pid: 7532 ppid: 1409\n flags:0x00000080\n Call Trace:\n __schedule+0x1e7/0x650\n schedule+0x46/0xb0\n kvm_async_pf_task_wait_schedule+0xad/0xe0\n ? exit_to_user_mode_prepare+0x60/0x70\n __kvm_handle_async_pf+0x4f/0xb0\n ? asm_exc_page_fault+0x8/0x30\n exc_page_fault+0x6f/0x110\n ? asm_exc_page_fault+0x8/0x30\n asm_exc_page_fault+0x1e/0x30\n RIP: 0033:0x402d00\n RSP: 002b:00007ffd31912500 EFLAGS: 00010206\n RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0\n RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0\n RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086\n R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000\n R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48943",
"url": "https://www.suse.com/security/cve/CVE-2022-48943"
},
{
"category": "external",
"summary": "SUSE Bug 1229645 for CVE-2022-48943",
"url": "https://bugzilla.suse.com/1229645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2022-48943"
},
{
"cve": "CVE-2023-3610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3610"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\n\nWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3610",
"url": "https://www.suse.com/security/cve/CVE-2023-3610"
},
{
"category": "external",
"summary": "SUSE Bug 1213580 for CVE-2023-3610",
"url": "https://bugzilla.suse.com/1213580"
},
{
"category": "external",
"summary": "SUSE Bug 1213584 for CVE-2023-3610",
"url": "https://bugzilla.suse.com/1213584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2023-3610"
},
{
"cve": "CVE-2023-52458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52458"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add check that partition length needs to be aligned with block size\n\nBefore calling add partition or resize partition, there is no check\non whether the length is aligned with the logical block size.\nIf the logical block size of the disk is larger than 512 bytes,\nthen the partition size maybe not the multiple of the logical block size,\nand when the last sector is read, bio_truncate() will adjust the bio size,\nresulting in an IO error if the size of the read command is smaller than\nthe logical block size.If integrity data is supported, this will also\nresult in a null pointer dereference when calling bio_integrity_free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52458",
"url": "https://www.suse.com/security/cve/CVE-2023-52458"
},
{
"category": "external",
"summary": "SUSE Bug 1220428 for CVE-2023-52458",
"url": "https://bugzilla.suse.com/1220428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52458"
},
{
"cve": "CVE-2023-52489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52489",
"url": "https://www.suse.com/security/cve/CVE-2023-52489"
},
{
"category": "external",
"summary": "SUSE Bug 1221326 for CVE-2023-52489",
"url": "https://bugzilla.suse.com/1221326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52489"
},
{
"cve": "CVE-2023-52498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device\u0027s resume callback to be invoked before a\nrequisite supplier device\u0027s one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52498",
"url": "https://www.suse.com/security/cve/CVE-2023-52498"
},
{
"category": "external",
"summary": "SUSE Bug 1221269 for CVE-2023-52498",
"url": "https://bugzilla.suse.com/1221269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52498"
},
{
"cve": "CVE-2023-52581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we\u0027re supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don\u0027t deref \u0027gc\u0027 after we\u0027ve passed it to call_rcu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52581",
"url": "https://www.suse.com/security/cve/CVE-2023-52581"
},
{
"category": "external",
"summary": "SUSE Bug 1220877 for CVE-2023-52581",
"url": "https://bugzilla.suse.com/1220877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52581"
},
{
"cve": "CVE-2023-52859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: hisi: Fix use-after-free when register pmu fails\n\nWhen we fail to register the uncore pmu, the pmu context may not been\nallocated. The error handing will call cpuhp_state_remove_instance()\nto call uncore pmu offline callback, which migrate the pmu context.\nSince that\u0027s liable to lead to some kind of use-after-free.\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don\u0027t execute after\nthe PMU device has been failed to register.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52859",
"url": "https://www.suse.com/security/cve/CVE-2023-52859"
},
{
"category": "external",
"summary": "SUSE Bug 1225582 for CVE-2023-52859",
"url": "https://bugzilla.suse.com/1225582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52859"
},
{
"cve": "CVE-2023-52887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new\n\nThis patch enhances error handling in scenarios with RTS (Request to\nSend) messages arriving closely. It replaces the less informative WARN_ON_ONCE\nbacktraces with a new error handling method. This provides clearer error\nmessages and allows for the early termination of problematic sessions.\nPreviously, sessions were only released at the end of j1939_xtp_rx_rts().\n\nPotentially this could be reproduced with something like:\ntestj1939 -r vcan0:0x80 \u0026\nwhile true; do\n\t# send first RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send second RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send abort\n\tcansend vcan0 18EC8090#ff00000000002301;\ndone",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52887",
"url": "https://www.suse.com/security/cve/CVE-2023-52887"
},
{
"category": "external",
"summary": "SUSE Bug 1228426 for CVE-2023-52887",
"url": "https://bugzilla.suse.com/1228426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52887"
},
{
"cve": "CVE-2023-52889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)-\u003elabel is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n BUG: kernel NULL pointer dereference, address: 000000000000004c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n RIP: 0010:aa_label_next_confined+0xb/0x40\n Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 \u003c8b\u003e 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? aa_label_next_confined+0xb/0x40\n apparmor_secmark_check+0xec/0x330\n security_sock_rcv_skb+0x35/0x50\n sk_filter_trim_cap+0x47/0x250\n sock_queue_rcv_skb_reason+0x20/0x60\n raw_rcv+0x13c/0x210\n raw_local_deliver+0x1f3/0x250\n ip_protocol_deliver_rcu+0x4f/0x2f0\n ip_local_deliver_finish+0x76/0xa0\n __netif_receive_skb_one_core+0x89/0xa0\n netif_receive_skb+0x119/0x170\n ? __netdev_alloc_skb+0x3d/0x140\n vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n __napi_poll+0x28/0x1b0\n net_rx_action+0x2a4/0x380\n __do_softirq+0xd1/0x2c8\n __irq_exit_rcu+0xbb/0xf0\n common_interrupt+0x86/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x26/0x40\n RIP: 0010:apparmor_socket_post_create+0xb/0x200\n Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 \u003c55\u003e 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n ? __pfx_apparmor_socket_post_create+0x10/0x10\n security_socket_post_create+0x4b/0x80\n __sock_create+0x176/0x1f0\n __sys_socket+0x89/0x100\n __x64_sys_socket+0x17/0x20\n do_syscall_64+0x5d/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52889",
"url": "https://www.suse.com/security/cve/CVE-2023-52889"
},
{
"category": "external",
"summary": "SUSE Bug 1229287 for CVE-2023-52889",
"url": "https://bugzilla.suse.com/1229287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52889"
},
{
"cve": "CVE-2023-52893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52893"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngsmi: fix null-deref in gsmi_get_variable\n\nWe can get EFI variables without fetching the attribute, so we must\nallow for that in gsmi.\n\ncommit 859748255b43 (\"efi: pstore: Omit efivars caching EFI varstore\naccess layer\") added a new get_variable call with attr=NULL, which\ntriggers panic in gsmi.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52893",
"url": "https://www.suse.com/security/cve/CVE-2023-52893"
},
{
"category": "external",
"summary": "SUSE Bug 1229535 for CVE-2023-52893",
"url": "https://bugzilla.suse.com/1229535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52893"
},
{
"cve": "CVE-2023-52894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()\n\nIn Google internal bug 265639009 we\u0027ve received an (as yet) unreproducible\ncrash report from an aarch64 GKI 5.10.149-android13 running device.\n\nAFAICT the source code is at:\n https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10\n\nThe call stack is:\n ncm_close() -\u003e ncm_notify() -\u003e ncm_do_notify()\nwith the crash at:\n ncm_do_notify+0x98/0x270\nCode: 79000d0b b9000a6c f940012a f9400269 (b9405d4b)\n\nWhich I believe disassembles to (I don\u0027t know ARM assembly, but it looks sane enough to me...):\n\n // halfword (16-bit) store presumably to event-\u003ewLength (at offset 6 of struct usb_cdc_notification)\n 0B 0D 00 79 strh w11, [x8, #6]\n\n // word (32-bit) store presumably to req-\u003eLength (at offset 8 of struct usb_request)\n 6C 0A 00 B9 str w12, [x19, #8]\n\n // x10 (NULL) was read here from offset 0 of valid pointer x9\n // IMHO we\u0027re reading \u0027cdev-\u003egadget\u0027 and getting NULL\n // gadget is indeed at offset 0 of struct usb_composite_dev\n 2A 01 40 F9 ldr x10, [x9]\n\n // loading req-\u003ebuf pointer, which is at offset 0 of struct usb_request\n 69 02 40 F9 ldr x9, [x19]\n\n // x10 is null, crash, appears to be attempt to read cdev-\u003egadget-\u003emax_speed\n 4B 5D 40 B9 ldr w11, [x10, #0x5c]\n\nwhich seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment:\n\n event-\u003ewLength = cpu_to_le16(8);\n req-\u003elength = NCM_STATUS_BYTECOUNT;\n\n /* SPEED_CHANGE data is up/down speeds in bits/sec */\n data = req-\u003ebuf + sizeof *event;\n data[0] = cpu_to_le32(ncm_bitrate(cdev-\u003egadget));\n\nMy analysis of registers and NULL ptr deref crash offset\n (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c)\nheavily suggests that the crash is due to \u0027cdev-\u003egadget\u0027 being NULL when executing:\n data[0] = cpu_to_le32(ncm_bitrate(cdev-\u003egadget));\nwhich calls:\n ncm_bitrate(NULL)\nwhich then calls:\n gadget_is_superspeed(NULL)\nwhich reads\n ((struct usb_gadget *)NULL)-\u003emax_speed\nand hits a panic.\n\nAFAICT, if I\u0027m counting right, the offset of max_speed is indeed 0x5C.\n(remember there\u0027s a GKI KABI reservation of 16 bytes in struct work_struct)\n\nIt\u0027s not at all clear to me how this is all supposed to work...\nbut returning 0 seems much better than panic-ing...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52894",
"url": "https://www.suse.com/security/cve/CVE-2023-52894"
},
{
"category": "external",
"summary": "SUSE Bug 1229566 for CVE-2023-52894",
"url": "https://bugzilla.suse.com/1229566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52894"
},
{
"cve": "CVE-2023-52896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between quota rescan and disable leading to NULL pointer deref\n\nIf we have one task trying to start the quota rescan worker while another\none is trying to disable quotas, we can end up hitting a race that results\nin the quota rescan worker doing a NULL pointer dereference. The steps for\nthis are the following:\n\n1) Quotas are enabled;\n\n2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan().\n It calls qgroup_rescan_init() which returns 0 (success) and then joins a\n transaction and commits it;\n\n3) Task B calls the quota disable ioctl and enters btrfs_quota_disable().\n It clears the bit BTRFS_FS_QUOTA_ENABLED from fs_info-\u003eflags and calls\n btrfs_qgroup_wait_for_completion(), which returns immediately since the\n rescan worker is not yet running.\n Then it starts a transaction and locks fs_info-\u003eqgroup_ioctl_lock;\n\n4) Task A queues the rescan worker, by calling btrfs_queue_work();\n\n5) The rescan worker starts, and calls rescan_should_stop() at the start\n of its while loop, which results in 0 iterations of the loop, since\n the flag BTRFS_FS_QUOTA_ENABLED was cleared from fs_info-\u003eflags by\n task B at step 3);\n\n6) Task B sets fs_info-\u003equota_root to NULL;\n\n7) The rescan worker tries to start a transaction and uses\n fs_info-\u003equota_root as the root argument for btrfs_start_transaction().\n This results in a NULL pointer dereference down the call chain of\n btrfs_start_transaction(). The stack trace is something like the one\n reported in Link tag below:\n\n general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]\n CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 6.1.0-syzkaller-13872-gb6bb9676f216 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Workqueue: btrfs-qgroup-rescan btrfs_work_helper\n RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564\n Code: 48 89 fb 48 (...)\n RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206\n RAX: 0000000000000041 RBX: 0000000000000208 RCX: ffff88801779ba80\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\n RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d\n R10: fffff52000156f5d R11: 1ffff92000156f5c R12: 0000000000000000\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n btrfs_qgroup_rescan_worker+0x3bb/0x6a0 fs/btrfs/qgroup.c:3402\n btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n \u003c/TASK\u003e\n Modules linked in:\n\nSo fix this by having the rescan worker function not attempt to start a\ntransaction if it didn\u0027t do any rescan work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52896",
"url": "https://www.suse.com/security/cve/CVE-2023-52896"
},
{
"category": "external",
"summary": "SUSE Bug 1229533 for CVE-2023-52896",
"url": "https://bugzilla.suse.com/1229533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52896"
},
{
"cve": "CVE-2023-52898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52898"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference when host dies\n\nMake sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race\nand cause null pointer dereference when host suddenly dies.\n\nUsb core may call xhci_free_dev() which frees the xhci-\u003edevs[slot_id]\nvirt device at the same time that xhci_kill_endpoint_urbs() tries to\nloop through all the device\u0027s endpoints, checking if there are any\ncancelled urbs left to give back.\n\nhold the xhci spinlock while freeing the virt device",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52898",
"url": "https://www.suse.com/security/cve/CVE-2023-52898"
},
{
"category": "external",
"summary": "SUSE Bug 1229568 for CVE-2023-52898",
"url": "https://bugzilla.suse.com/1229568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52898"
},
{
"cve": "CVE-2023-52899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nAdd exception protection processing for vd in axi_chan_handle_err function\n\nSince there is no protection for vd, a kernel panic will be\ntriggered here in exceptional cases.\n\nYou can refer to the processing of axi_chan_block_xfer_complete function\n\nThe triggered kernel panic is as follows:\n\n[ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 67.848447] Mem abort info:\n[ 67.848449] ESR = 0x96000004\n[ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 67.848454] SET = 0, FnV = 0\n[ 67.848456] EA = 0, S1PTW = 0\n[ 67.848458] Data abort info:\n[ 67.848460] ISV = 0, ISS = 0x00000004\n[ 67.848462] CM = 0, WnR = 0\n[ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000\n[ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000\n[ 67.848472] Internal error: Oops: 96000004 [#1] SMP\n[ 67.848475] Modules linked in: dmatest\n[ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11\n[ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--)\n[ 67.848487] pc : axi_chan_handle_err+0xc4/0x230\n[ 67.848491] lr : axi_chan_handle_err+0x30/0x230\n[ 67.848493] sp : ffff0803fe55ae50\n[ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200\n[ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080\n[ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850\n[ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000\n[ 67.848512] x21: 0000000000000080 x20: 0000000000002000\n[ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000\n[ 67.848521] x17: 0000000000000000 x16: 0000000000000000\n[ 67.848525] x15: 0000000000000000 x14: 0000000000000000\n[ 67.848529] x13: 0000000000000000 x12: 0000000000000040\n[ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a\n[ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270\n[ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0\n[ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480\n[ 67.848550] x3 : dead000000000100 x2 : dead000000000122\n[ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168\n[ 67.848559] Call trace:\n[ 67.848562] axi_chan_handle_err+0xc4/0x230\n[ 67.848566] dw_axi_dma_interrupt+0xf4/0x590\n[ 67.848569] __handle_irq_event_percpu+0x60/0x220\n[ 67.848573] handle_irq_event+0x64/0x120\n[ 67.848576] handle_fasteoi_irq+0xc4/0x220\n[ 67.848580] __handle_domain_irq+0x80/0xe0\n[ 67.848583] gic_handle_irq+0xc0/0x138\n[ 67.848585] el1_irq+0xc8/0x180\n[ 67.848588] arch_cpu_idle+0x14/0x2c\n[ 67.848591] default_idle_call+0x40/0x16c\n[ 67.848594] do_idle+0x1f0/0x250\n[ 67.848597] cpu_startup_entry+0x2c/0x60\n[ 67.848600] rest_init+0xc0/0xcc\n[ 67.848603] arch_call_rest_init+0x14/0x1c\n[ 67.848606] start_kernel+0x4cc/0x500\n[ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1)\n[ 67.848613] ---[ end trace 585a97036f88203a ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52899",
"url": "https://www.suse.com/security/cve/CVE-2023-52899"
},
{
"category": "external",
"summary": "SUSE Bug 1229569 for CVE-2023-52899",
"url": "https://bugzilla.suse.com/1229569"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52899"
},
{
"cve": "CVE-2023-52900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix general protection fault in nilfs_btree_insert()\n\nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node\nblock by calling __nilfs_btree_get_block() against an invalid virtual\nblock address, it returns -ENOENT because conversion of the virtual block\naddress to a disk block address fails. However, this return value is the\nsame as the internal code that b-tree lookup routines return to indicate\nthat the block being searched does not exist, so functions that operate on\nthat b-tree may misbehave.\n\nWhen nilfs_btree_insert() receives this spurious \u0027not found\u0027 code from\nnilfs_btree_do_lookup(), it misunderstands that the \u0027not found\u0027 check was\nsuccessful and continues the insert operation using incomplete lookup path\ndata, causing the following crash:\n\n general protection fault, probably for non-canonical address\n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n ...\n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]\n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]\n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238\n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89\n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 \u003c42\u003e 80 3c\n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02\n ...\n Call Trace:\n \u003cTASK\u003e\n nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]\n nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147\n nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101\n __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991\n __block_write_begin fs/buffer.c:2041 [inline]\n block_write_begin+0x93/0x1e0 fs/buffer.c:2102\n nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261\n generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900\n generic_file_write_iter+0xab/0x310 mm/filemap.c:3932\n call_write_iter include/linux/fs.h:2186 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x7dc/0xc50 fs/read_write.c:584\n ksys_write+0x177/0x2a0 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n ...\n \u003c/TASK\u003e\n\nThis patch fixes the root cause of this problem by replacing the error\ncode that __nilfs_btree_get_block() returns on block address conversion\nfailure from -ENOENT to another internal code -EINVAL which means that the\nb-tree metadata is corrupted.\n\nBy returning -EINVAL, it propagates without glitches, and for all relevant\nb-tree operations, functions in the upper bmap layer output an error\nmessage indicating corrupted b-tree metadata via\nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as\nit should be.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52900",
"url": "https://www.suse.com/security/cve/CVE-2023-52900"
},
{
"category": "external",
"summary": "SUSE Bug 1229581 for CVE-2023-52900",
"url": "https://bugzilla.suse.com/1229581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52900"
},
{
"cve": "CVE-2023-52901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check endpoint is valid before dereferencing it\n\nWhen the host controller is not responding, all URBs queued to all\nendpoints need to be killed. This can cause a kernel panic if we\ndereference an invalid endpoint.\n\nFix this by using xhci_get_virt_ep() helper to find the endpoint and\nchecking if the endpoint is valid before dereferencing it.\n\n[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead\n[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8\n\n[233311.853964] pc : xhci_hc_died+0x10c/0x270\n[233311.853971] lr : xhci_hc_died+0x1ac/0x270\n\n[233311.854077] Call trace:\n[233311.854085] xhci_hc_died+0x10c/0x270\n[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4\n[233311.854105] call_timer_fn+0x50/0x2d4\n[233311.854112] expire_timers+0xac/0x2e4\n[233311.854118] run_timer_softirq+0x300/0xabc\n[233311.854127] __do_softirq+0x148/0x528\n[233311.854135] irq_exit+0x194/0x1a8\n[233311.854143] __handle_domain_irq+0x164/0x1d0\n[233311.854149] gic_handle_irq.22273+0x10c/0x188\n[233311.854156] el1_irq+0xfc/0x1a8\n[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]\n[233311.854185] cpuidle_enter_state+0x1f0/0x764\n[233311.854194] do_idle+0x594/0x6ac\n[233311.854201] cpu_startup_entry+0x7c/0x80\n[233311.854209] secondary_start_kernel+0x170/0x198",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52901",
"url": "https://www.suse.com/security/cve/CVE-2023-52901"
},
{
"category": "external",
"summary": "SUSE Bug 1229531 for CVE-2023-52901",
"url": "https://bugzilla.suse.com/1229531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52901"
},
{
"cve": "CVE-2023-52904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52904",
"url": "https://www.suse.com/security/cve/CVE-2023-52904"
},
{
"category": "external",
"summary": "SUSE Bug 1229529 for CVE-2023-52904",
"url": "https://bugzilla.suse.com/1229529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52904"
},
{
"cve": "CVE-2023-52905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52905",
"url": "https://www.suse.com/security/cve/CVE-2023-52905"
},
{
"category": "external",
"summary": "SUSE Bug 1229528 for CVE-2023-52905",
"url": "https://bugzilla.suse.com/1229528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52905"
},
{
"cve": "CVE-2023-52906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mpls: Fix warning during failed attribute validation\n\nThe \u0027TCA_MPLS_LABEL\u0027 attribute is of \u0027NLA_U32\u0027 type, but has a\nvalidation type of \u0027NLA_VALIDATE_FUNCTION\u0027. This is an invalid\ncombination according to the comment above \u0027struct nla_policy\u0027:\n\n\"\nMeaning of `validate\u0027 field, use via NLA_POLICY_VALIDATE_FN:\n NLA_BINARY Validation function called for the attribute.\n All other Unused - but note that it\u0027s a union\n\"\n\nThis can trigger the warning [1] in nla_get_range_unsigned() when\nvalidation of the attribute fails. Despite being of \u0027NLA_U32\u0027 type, the\nassociated \u0027min\u0027/\u0027max\u0027 fields in the policy are negative as they are\naliased by the \u0027validate\u0027 field.\n\nFix by changing the attribute type to \u0027NLA_BINARY\u0027 which is consistent\nwith the above comment and all other users of NLA_POLICY_VALIDATE_FN().\nAs a result, move the length validation to the validation function.\n\nNo regressions in MPLS tests:\n\n # ./tdc.py -f tc-tests/actions/mpls.json\n [...]\n # echo $?\n 0\n\n[1]\nWARNING: CPU: 0 PID: 17743 at lib/nlattr.c:118\nnla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\nModules linked in:\nCPU: 0 PID: 17743 Comm: syz-executor.0 Not tainted 6.1.0-rc8 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:nla_get_range_unsigned+0x1d8/0x1e0 lib/nlattr.c:117\n[...]\nCall Trace:\n \u003cTASK\u003e\n __netlink_policy_dump_write_attr+0x23d/0x990 net/netlink/policy.c:310\n netlink_policy_dump_write_attr+0x22/0x30 net/netlink/policy.c:411\n netlink_ack_tlv_fill net/netlink/af_netlink.c:2454 [inline]\n netlink_ack+0x546/0x760 net/netlink/af_netlink.c:2506\n netlink_rcv_skb+0x1b7/0x240 net/netlink/af_netlink.c:2546\n rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:6109\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2482\n ___sys_sendmsg net/socket.c:2536 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2565\n __do_sys_sendmsg net/socket.c:2574 [inline]\n __se_sys_sendmsg net/socket.c:2572 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52906",
"url": "https://www.suse.com/security/cve/CVE-2023-52906"
},
{
"category": "external",
"summary": "SUSE Bug 1229527 for CVE-2023-52906",
"url": "https://bugzilla.suse.com/1229527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52906"
},
{
"cve": "CVE-2023-52907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Wait for out_urb\u0027s completion in pn533_usb_send_frame()\n\nFix a use-after-free that occurs in hcd when in_urb sent from\npn533_usb_send_frame() is completed earlier than out_urb. Its callback\nfrees the skb data in pn533_send_async_complete() that is used as a\ntransfer buffer of out_urb. Wait before sending in_urb until the\ncallback of out_urb is called. To modify the callback of out_urb alone,\nseparate the complete function of out_urb and ack_urb.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: use-after-free in dummy_timer\nCall Trace:\n memcpy (mm/kasan/shadow.c:65)\n dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)\n transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)\n dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)\n arch_static_branch (arch/x86/include/asm/jump_label.h:27)\n static_key_false (include/linux/jump_label.h:207)\n timer_expire_exit (include/trace/events/timer.h:127)\n call_timer_fn (kernel/time/timer.c:1475)\n expire_timers (kernel/time/timer.c:1519)\n __run_timers (kernel/time/timer.c:1790)\n run_timer_softirq (kernel/time/timer.c:1803)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52907",
"url": "https://www.suse.com/security/cve/CVE-2023-52907"
},
{
"category": "external",
"summary": "SUSE Bug 1229526 for CVE-2023-52907",
"url": "https://bugzilla.suse.com/1229526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52907"
},
{
"cve": "CVE-2023-52908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL dereference\n\nFix potential NULL dereference, in the case when \"man\", the resource manager\nmight be NULL, when/if we print debug information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52908",
"url": "https://www.suse.com/security/cve/CVE-2023-52908"
},
{
"category": "external",
"summary": "SUSE Bug 1229525 for CVE-2023-52908",
"url": "https://bugzilla.suse.com/1229525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52908"
},
{
"cve": "CVE-2023-52909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix handling of cached open files in nfsd4_open codepath\n\nCommit fb70bf124b05 (\"NFSD: Instantiate a struct file when creating a\nregular NFSv4 file\") added the ability to cache an open fd over a\ncompound. There are a couple of problems with the way this currently\nworks:\n\nIt\u0027s racy, as a newly-created nfsd_file can end up with its PENDING bit\ncleared while the nf is hashed, and the nf_file pointer is still zeroed\nout. Other tasks can find it in this state and they expect to see a\nvalid nf_file, and can oops if nf_file is NULL.\n\nAlso, there is no guarantee that we\u0027ll end up creating a new nfsd_file\nif one is already in the hash. If an extant entry is in the hash with a\nvalid nf_file, nfs4_get_vfs_file will clobber its nf_file pointer with\nthe value of op_file and the old nf_file will leak.\n\nFix both issues by making a new nfsd_file_acquirei_opened variant that\ntakes an optional file pointer. If one is present when this is called,\nwe\u0027ll take a new reference to it instead of trying to open the file. If\nthe nfsd_file already has a valid nf_file, we\u0027ll just ignore the\noptional file and pass the nfsd_file back as-is.\n\nAlso rework the tracepoints a bit to allow for an \"opened\" variant and\ndon\u0027t try to avoid counting acquisitions in the case where we already\nhave a cached open file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52909",
"url": "https://www.suse.com/security/cve/CVE-2023-52909"
},
{
"category": "external",
"summary": "SUSE Bug 1229524 for CVE-2023-52909",
"url": "https://bugzilla.suse.com/1229524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52909"
},
{
"cve": "CVE-2023-52910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/iova: Fix alloc iova overflows issue\n\nIn __alloc_and_insert_iova_range, there is an issue that retry_pfn\noverflows. The value of iovad-\u003eanchor.pfn_hi is ~0UL, then when\niovad-\u003ecached_node is iovad-\u003eanchor, curr_iova-\u003epfn_hi + 1 will\noverflow. As a result, if the retry logic is executed, low_pfn is\nupdated to 0, and then new_pfn \u003c low_pfn returns false to make the\nallocation successful.\n\nThis issue occurs in the following two situations:\n1. The first iova size exceeds the domain size. When initializing\niova domain, iovad-\u003ecached_node is assigned as iovad-\u003eanchor. For\nexample, the iova domain size is 10M, start_pfn is 0x1_F000_0000,\nand the iova size allocated for the first time is 11M. The\nfollowing is the log information, new-\u003epfn_lo is smaller than\niovad-\u003ecached_node.\n\nExample log as follows:\n[ 223.798112][T1705487] sh: [name:iova\u0026]__alloc_and_insert_iova_range\nstart_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00\n[ 223.799590][T1705487] sh: [name:iova\u0026]__alloc_and_insert_iova_range\nsuccess start_pfn:0x1f0000,new-\u003epfn_lo:0x1efe00,new-\u003epfn_hi:0x1f08ff\n\n2. The node with the largest iova-\u003epfn_lo value in the iova domain\nis deleted, iovad-\u003ecached_node will be updated to iovad-\u003eanchor,\nand then the alloc iova size exceeds the maximum iova size that can\nbe allocated in the domain.\n\nAfter judging that retry_pfn is less than limit_pfn, call retry_pfn+1\nto fix the overflow issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52910",
"url": "https://www.suse.com/security/cve/CVE-2023-52910"
},
{
"category": "external",
"summary": "SUSE Bug 1229523 for CVE-2023-52910",
"url": "https://bugzilla.suse.com/1229523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52910"
},
{
"cve": "CVE-2023-52911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: another fix for the headless Adreno GPU\n\nFix another oops reproducible when rebooting the board with the Adreno\nGPU working in the headless mode (e.g. iMX platforms).\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[00000000] *pgd=74936831, *pte=00000000, *ppte=00000000\nInternal error: Oops: 17 [#1] ARM\nCPU: 0 PID: 51 Comm: reboot Not tainted 6.2.0-rc1-dirty #11\nHardware name: Freescale i.MX53 (Device Tree Support)\nPC is at msm_atomic_commit_tail+0x50/0x970\nLR is at commit_tail+0x9c/0x188\npc : [\u003cc06aa430\u003e] lr : [\u003cc067a214\u003e] psr: 600e0013\nsp : e0851d30 ip : ee4eb7eb fp : 00090acc\nr10: 00000058 r9 : c2193014 r8 : c4310000\nr7 : c4759380 r6 : 07bef61d r5 : 00000000 r4 : 00000000\nr3 : c44cc440 r2 : 00000000 r1 : 00000000 r0 : 00000000\nFlags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 10c5387d Table: 74910019 DAC: 00000051\nRegister r0 information: NULL pointer\nRegister r1 information: NULL pointer\nRegister r2 information: NULL pointer\nRegister r3 information: slab kmalloc-1k start c44cc400 pointer offset 64 size 1024\nRegister r4 information: NULL pointer\nRegister r5 information: NULL pointer\nRegister r6 information: non-paged memory\nRegister r7 information: slab kmalloc-128 start c4759380 pointer offset 0 size 128\nRegister r8 information: slab kmalloc-2k start c4310000 pointer offset 0 size 2048\nRegister r9 information: non-slab/vmalloc memory\nRegister r10 information: non-paged memory\nRegister r11 information: non-paged memory\nRegister r12 information: non-paged memory\nProcess reboot (pid: 51, stack limit = 0xc80046d9)\nStack: (0xe0851d30 to 0xe0852000)\n1d20: c4759380 fbd77200 000005ff 002b9c70\n1d40: c4759380 c4759380 00000000 07bef61d 00000600 c0d6fe7c c2193014 00000058\n1d60: 00090acc c067a214 00000000 c4759380 c4310000 00000000 c44cc854 c067a89c\n1d80: 00000000 00000000 00000000 c4310468 00000000 c4759380 c4310000 c4310468\n1da0: c4310470 c0643258 c4759380 00000000 00000000 c0c4ee24 00000000 c44cc810\n1dc0: 00000000 c0c4ee24 00000000 c44cc810 00000000 0347d2a8 e0851e00 e0851e00\n1de0: c4759380 c067ad20 c4310000 00000000 c44cc810 c27f8718 c44cc854 c067adb8\n1e00: c4933000 00000002 00000001 00000000 00000000 c2130850 00000000 c2130854\n1e20: c25fc488 00000000 c0ff162c 00000000 00000001 00000002 00000000 00000000\n1e40: c43102c0 c43102c0 00000000 0347d2a8 c44cc810 c44cc814 c2133da8 c06d1a60\n1e60: 00000000 00000000 00079028 c2012f24 fee1dead c4933000 00000058 c01431e4\n1e80: 01234567 c0143a20 00000000 00000000 00000000 00000000 00000000 00000000\n1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n1f80: 00000000 00000000 00000000 0347d2a8 00000002 00000004 00000078 00000058\n1fa0: c010028c c0100060 00000002 00000004 fee1dead 28121969 01234567 00079028\n1fc0: 00000002 00000004 00000078 00000058 0002fdc5 00000000 00000000 00090acc\n1fe0: 00000058 becc9c64 b6e97e05 b6e0e5f6 600e0030 fee1dead 00000000 00000000\n msm_atomic_commit_tail from commit_tail+0x9c/0x188\n commit_tail from drm_atomic_helper_commit+0x160/0x188\n drm_atomic_helper_commit from drm_atomic_commit+0xac/0xe0\n drm_atomic_commit from drm_atomic_helper_disable_all+0x1b0/0x1c0\n drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x88/0x140\n drm_atomic_helper_shutdown from device_shutdown+0x16c/0x240\n device_shutdown from kernel_restart+0x38/0x90\n kernel_restart from __do_sys_reboot+0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52911",
"url": "https://www.suse.com/security/cve/CVE-2023-52911"
},
{
"category": "external",
"summary": "SUSE Bug 1229522 for CVE-2023-52911",
"url": "https://bugzilla.suse.com/1229522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52911"
},
{
"cve": "CVE-2023-52912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fixed bug on error when unloading amdgpu\n\nFixed bug on error when unloading amdgpu.\n\nThe error message is as follows:\n[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!\n[ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1\n[ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021\n[ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]\n[ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff \u003c0f\u003e 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 54 55 48 89 f5 53\n[ 377.706282] RSP: 0018:ffffad2dc4683cb8 EFLAGS: 00010287\n[ 377.706289] RAX: 0000000000000000 RBX: ffff8b1743bd5138 RCX: 0000000000000000\n[ 377.706297] RDX: ffff8b1743bd5160 RSI: ffff8b1743bd5c78 RDI: ffff8b16d1b25f70\n[ 377.706304] RBP: ffff8b1743bd59e0 R08: 0000000000000001 R09: 0000000000000001\n[ 377.706311] R10: ffff8b16c8572400 R11: ffffad2dc4683cf0 R12: ffff8b16d1b25f70\n[ 377.706318] R13: ffff8b16d1b25fd0 R14: ffff8b1743bd59c0 R15: ffff8b16d1b25f70\n[ 377.706325] FS: 00007fec56c72c40(0000) GS:ffff8b1836500000(0000) knlGS:0000000000000000\n[ 377.706334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 377.706340] CR2: 00007f9b88c1ba50 CR3: 0000000110450004 CR4: 00000000003706e0\n[ 377.706347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 377.706354] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 377.706361] Call Trace:\n[ 377.706365] \u003cTASK\u003e\n[ 377.706369] drm_buddy_free_list+0x2a/0x60 [drm_buddy]\n[ 377.706376] amdgpu_vram_mgr_fini+0xea/0x180 [amdgpu]\n[ 377.706572] amdgpu_ttm_fini+0x12e/0x1a0 [amdgpu]\n[ 377.706650] amdgpu_bo_fini+0x22/0x90 [amdgpu]\n[ 377.706727] gmc_v11_0_sw_fini+0x26/0x30 [amdgpu]\n[ 377.706821] amdgpu_device_fini_sw+0xa1/0x3c0 [amdgpu]\n[ 377.706897] amdgpu_driver_release_kms+0x12/0x30 [amdgpu]\n[ 377.706975] drm_dev_release+0x20/0x40 [drm]\n[ 377.707006] release_nodes+0x35/0xb0\n[ 377.707014] devres_release_all+0x8b/0xc0\n[ 377.707020] device_unbind_cleanup+0xe/0x70\n[ 377.707027] device_release_driver_internal+0xee/0x160\n[ 377.707033] driver_detach+0x44/0x90\n[ 377.707039] bus_remove_driver+0x55/0xe0\n[ 377.707045] pci_unregister_driver+0x3b/0x90\n[ 377.707052] amdgpu_exit+0x11/0x6c [amdgpu]\n[ 377.707194] __x64_sys_delete_module+0x142/0x2b0\n[ 377.707201] ? fpregs_assert_state_consistent+0x22/0x50\n[ 377.707208] ? exit_to_user_mode_prepare+0x3e/0x190\n[ 377.707215] do_syscall_64+0x38/0x90\n[ 377.707221] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52912",
"url": "https://www.suse.com/security/cve/CVE-2023-52912"
},
{
"category": "external",
"summary": "SUSE Bug 1229588 for CVE-2023-52912",
"url": "https://bugzilla.suse.com/1229588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52912"
},
{
"cve": "CVE-2023-52913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential context UAFs\n\ngem_context_register() makes the context visible to userspace, and which\npoint a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.\nSo we need to ensure that nothing uses the ctx ptr after this. And we\nneed to ensure that adding the ctx to the xarray is the *last* thing\nthat gem_context_register() does with the ctx pointer.\n\n[tursulin: Stable and fixes tags add/tidy.]\n(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52913",
"url": "https://www.suse.com/security/cve/CVE-2023-52913"
},
{
"category": "external",
"summary": "SUSE Bug 1229521 for CVE-2023-52913",
"url": "https://bugzilla.suse.com/1229521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-52913"
},
{
"cve": "CVE-2024-26631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev-\u003emc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26631",
"url": "https://www.suse.com/security/cve/CVE-2024-26631"
},
{
"category": "external",
"summary": "SUSE Bug 1221630 for CVE-2024-26631",
"url": "https://bugzilla.suse.com/1221630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26631"
},
{
"cve": "CVE-2024-26668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: reject configurations that cause integer overflow\n\nReject bogus configs where internal token counter wraps around.\nThis only occurs with very very large requests, such as 17gbyte/s.\n\nIts better to reject this rather than having incorrect ratelimit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26668",
"url": "https://www.suse.com/security/cve/CVE-2024-26668"
},
{
"category": "external",
"summary": "SUSE Bug 1222335 for CVE-2024-26668",
"url": "https://bugzilla.suse.com/1222335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26668"
},
{
"cve": "CVE-2024-26669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: flower: Fix chain template offload\n\nWhen a qdisc is deleted from a net device the stack instructs the\nunderlying driver to remove its flow offload callback from the\nassociated filter block using the \u0027FLOW_BLOCK_UNBIND\u0027 command. The stack\nthen continues to replay the removal of the filters in the block for\nthis driver by iterating over the chains in the block and invoking the\n\u0027reoffload\u0027 operation of the classifier being used. In turn, the\nclassifier in its \u0027reoffload\u0027 operation prepares and emits a\n\u0027FLOW_CLS_DESTROY\u0027 command for each filter.\n\nHowever, the stack does not do the same for chain templates and the\nunderlying driver never receives a \u0027FLOW_CLS_TMPLT_DESTROY\u0027 command when\na qdisc is deleted. This results in a memory leak [1] which can be\nreproduced using [2].\n\nFix by introducing a \u0027tmplt_reoffload\u0027 operation and have the stack\ninvoke it with the appropriate arguments as part of the replay.\nImplement the operation in the sole classifier that supports chain\ntemplates (flower) by emitting the \u0027FLOW_CLS_TMPLT_{CREATE,DESTROY}\u0027\ncommand based on whether a flow offload callback is being bound to a\nfilter block or being unbound from one.\n\nAs far as I can tell, the issue happens since cited commit which\nreordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()\nin __tcf_block_put(). The order cannot be reversed as the filter block\nis expected to be freed after flushing all the chains.\n\n[1]\nunreferenced object 0xffff888107e28800 (size 2048):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[......\n 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab374e\u003e] __kmalloc+0x4e/0x90\n [\u003cffffffff832aec6d\u003e] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n [\u003cffffffff8379d29a\u003e] ___sys_sendmsg+0x13a/0x1e0\n [\u003cffffffff8379d50c\u003e] __sys_sendmsg+0x11c/0x1f0\n [\u003cffffffff843b9ce0\u003e] do_syscall_64+0x40/0xe0\nunreferenced object 0xffff88816d2c0400 (size 1024):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8.....\n 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m....\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab36c1\u003e] __kmalloc_node+0x51/0x90\n [\u003cffffffff81a8ed96\u003e] kvmalloc_node+0xa6/0x1f0\n [\u003cffffffff82827d03\u003e] bucket_table_alloc.isra.0+0x83/0x460\n [\u003cffffffff82828d2b\u003e] rhashtable_init+0x43b/0x7c0\n [\u003cffffffff832aed48\u003e] mlxsw_sp_acl_ruleset_get+0x428/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n\n[2]\n # tc qdisc add dev swp1 clsact\n # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32\n # tc qdisc del dev\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26669",
"url": "https://www.suse.com/security/cve/CVE-2024-26669"
},
{
"category": "external",
"summary": "SUSE Bug 1222350 for CVE-2024-26669",
"url": "https://bugzilla.suse.com/1222350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26669"
},
{
"cve": "CVE-2024-26677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can\u0027t be used as an RTT reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26677",
"url": "https://www.suse.com/security/cve/CVE-2024-26677"
},
{
"category": "external",
"summary": "SUSE Bug 1222387 for CVE-2024-26677",
"url": "https://bugzilla.suse.com/1222387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26677"
},
{
"cve": "CVE-2024-26735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26735",
"url": "https://www.suse.com/security/cve/CVE-2024-26735"
},
{
"category": "external",
"summary": "SUSE Bug 1222372 for CVE-2024-26735",
"url": "https://bugzilla.suse.com/1222372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26735"
},
{
"cve": "CVE-2024-26808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26808",
"url": "https://www.suse.com/security/cve/CVE-2024-26808"
},
{
"category": "external",
"summary": "SUSE Bug 1222634 for CVE-2024-26808",
"url": "https://bugzilla.suse.com/1222634"
},
{
"category": "external",
"summary": "SUSE Bug 1245772 for CVE-2024-26808",
"url": "https://bugzilla.suse.com/1245772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-26808"
},
{
"cve": "CVE-2024-26812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26812",
"url": "https://www.suse.com/security/cve/CVE-2024-26812"
},
{
"category": "external",
"summary": "SUSE Bug 1222808 for CVE-2024-26812",
"url": "https://bugzilla.suse.com/1222808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26812"
},
{
"cve": "CVE-2024-26835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26835",
"url": "https://www.suse.com/security/cve/CVE-2024-26835"
},
{
"category": "external",
"summary": "SUSE Bug 1222967 for CVE-2024-26835",
"url": "https://bugzilla.suse.com/1222967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2024-26835"
},
{
"cve": "CVE-2024-26851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26851",
"url": "https://www.suse.com/security/cve/CVE-2024-26851"
},
{
"category": "external",
"summary": "SUSE Bug 1223074 for CVE-2024-26851",
"url": "https://bugzilla.suse.com/1223074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-26851"
},
{
"cve": "CVE-2024-27010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0-\u003eeth1-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27010",
"url": "https://www.suse.com/security/cve/CVE-2024-27010"
},
{
"category": "external",
"summary": "SUSE Bug 1223720 for CVE-2024-27010",
"url": "https://bugzilla.suse.com/1223720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-27010"
},
{
"cve": "CVE-2024-27011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 \u003c0f\u003e 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967] \u003cTASK\u003e\n[ 6170.287973] ? __warn+0x9f/0x1a0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.288104] ? handle_bug+0x3c/0x70\n[ 6170.288112] ? exc_invalid_op+0x17/0x40\n[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27011",
"url": "https://www.suse.com/security/cve/CVE-2024-27011"
},
{
"category": "external",
"summary": "SUSE Bug 1223803 for CVE-2024-27011",
"url": "https://bugzilla.suse.com/1223803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-27011"
},
{
"cve": "CVE-2024-27016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate pppoe header\n\nEnsure there is sufficient room to access the protocol field of the\nPPPoe header. Validate it once before the flowtable lookup, then use a\nhelper function to access protocol field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27016",
"url": "https://www.suse.com/security/cve/CVE-2024-27016"
},
{
"category": "external",
"summary": "SUSE Bug 1223807 for CVE-2024-27016",
"url": "https://bugzilla.suse.com/1223807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-27016"
},
{
"cve": "CVE-2024-27024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn\u0027t established yet, get_mr() will fail, trigger connection after\nget_mr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27024",
"url": "https://www.suse.com/security/cve/CVE-2024-27024"
},
{
"category": "external",
"summary": "SUSE Bug 1223777 for CVE-2024-27024",
"url": "https://bugzilla.suse.com/1223777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-27024"
},
{
"cve": "CVE-2024-27079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix NULL domain on device release\n\nIn the kdump kernel, the IOMMU operates in deferred_attach mode. In this\nmode, info-\u003edomain may not yet be assigned by the time the release_device\nfunction is called. It leads to the following crash in the crash kernel:\n\n BUG: kernel NULL pointer dereference, address: 000000000000003c\n ...\n RIP: 0010:do_raw_spin_lock+0xa/0xa0\n ...\n _raw_spin_lock_irqsave+0x1b/0x30\n intel_iommu_release_device+0x96/0x170\n iommu_deinit_device+0x39/0xf0\n __iommu_group_remove_device+0xa0/0xd0\n iommu_bus_notifier+0x55/0xb0\n notifier_call_chain+0x5a/0xd0\n blocking_notifier_call_chain+0x41/0x60\n bus_notify+0x34/0x50\n device_del+0x269/0x3d0\n pci_remove_bus_device+0x77/0x100\n p2sb_bar+0xae/0x1d0\n ...\n i801_probe+0x423/0x740\n\nUse the release_domain mechanism to fix it. The scalable mode context\nentry which is not part of release domain should be cleared in\nrelease_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27079",
"url": "https://www.suse.com/security/cve/CVE-2024-27079"
},
{
"category": "external",
"summary": "SUSE Bug 1223742 for CVE-2024-27079",
"url": "https://bugzilla.suse.com/1223742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-27079"
},
{
"cve": "CVE-2024-27403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27403",
"url": "https://www.suse.com/security/cve/CVE-2024-27403"
},
{
"category": "external",
"summary": "SUSE Bug 1224415 for CVE-2024-27403",
"url": "https://bugzilla.suse.com/1224415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-27403"
},
{
"cve": "CVE-2024-31076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd-\u003emove_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU\u0027s vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd-\u003eprev_vector because the interrupt isn\u0027t currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn\u0027t reclaim apicd-\u003eprev_vector; instead, it simply resets both\napicd-\u003emove_in_progress and apicd-\u003eprev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd-\u003eprev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd-\u003emove_in_progress with apicd-\u003eprev_cpu pointing to an offline CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31076",
"url": "https://www.suse.com/security/cve/CVE-2024-31076"
},
{
"category": "external",
"summary": "SUSE Bug 1226765 for CVE-2024-31076",
"url": "https://bugzilla.suse.com/1226765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-31076"
},
{
"cve": "CVE-2024-35897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\n\nHook unregistration is deferred to the commit phase, same occurs with\nhook updates triggered by the table dormant flag. When both commands are\ncombined, this results in deleting a basechain while leaving its hook\nstill registered in the core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35897",
"url": "https://www.suse.com/security/cve/CVE-2024-35897"
},
{
"category": "external",
"summary": "SUSE Bug 1224510 for CVE-2024-35897",
"url": "https://bugzilla.suse.com/1224510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-35897"
},
{
"cve": "CVE-2024-35902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp-\u003ecp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs-\u003ers_transport-\u003eget_mr(\n\t\tsg, nents, rs, \u0026mr-\u003er_key, cp ? cp-\u003ecp_conn : NULL,\n\t\targs-\u003evec.addr, args-\u003evec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35902",
"url": "https://www.suse.com/security/cve/CVE-2024-35902"
},
{
"category": "external",
"summary": "SUSE Bug 1224496 for CVE-2024-35902",
"url": "https://bugzilla.suse.com/1224496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-35902"
},
{
"cve": "CVE-2024-35945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: phy_device: Prevent nullptr exceptions on ISR\n\nIf phydev-\u003eirq is set unconditionally, check\nfor valid interrupt handler or fall back to polling mode to prevent\nnullptr exceptions in interrupt service routine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35945",
"url": "https://www.suse.com/security/cve/CVE-2024-35945"
},
{
"category": "external",
"summary": "SUSE Bug 1224639 for CVE-2024-35945",
"url": "https://bugzilla.suse.com/1224639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-35945"
},
{
"cve": "CVE-2024-35971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Handle softirqs at the end of IRQ thread to fix hang\n\nThe ks8851_irq() thread may call ks8851_rx_pkts() in case there are\nany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()\nimplementation is guarded by local_bh_disable() and local_bh_enable().\nThe local_bh_enable() may call do_softirq() to run softirqs in case\nany are pending. One of the softirqs is net_rx_action, which ultimately\nreaches the driver .start_xmit callback. If that happens, the system\nhangs. The entire call chain is below:\n\nks8851_start_xmit_par from netdev_start_xmit\nnetdev_start_xmit from dev_hard_start_xmit\ndev_hard_start_xmit from sch_direct_xmit\nsch_direct_xmit from __dev_queue_xmit\n__dev_queue_xmit from __neigh_update\n__neigh_update from neigh_update\nneigh_update from arp_process.constprop.0\narp_process.constprop.0 from __netif_receive_skb_one_core\n__netif_receive_skb_one_core from process_backlog\nprocess_backlog from __napi_poll.constprop.0\n__napi_poll.constprop.0 from net_rx_action\nnet_rx_action from __do_softirq\n__do_softirq from call_with_stack\ncall_with_stack from do_softirq\ndo_softirq from __local_bh_enable_ip\n__local_bh_enable_ip from netif_rx\nnetif_rx from ks8851_irq\nks8851_irq from irq_thread_fn\nirq_thread_fn from irq_thread\nirq_thread from kthread\nkthread from ret_from_fork\n\nThe hang happens because ks8851_irq() first locks a spinlock in\nks8851_par.c ks8851_lock_par() spin_lock_irqsave(\u0026ksp-\u003elock, ...)\nand with that spinlock locked, calls netif_rx(). Once the execution\nreaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again\nwhich attempts to claim the already locked spinlock again, and the\nhang happens.\n\nMove the do_softirq() call outside of the spinlock protected section\nof ks8851_irq() by disabling BHs around the entire spinlock protected\nsection of ks8851_irq() handler. Place local_bh_enable() outside of\nthe spinlock protected section, so that it can trigger do_softirq()\nwithout the ks8851_par.c ks8851_lock_par() spinlock being held, and\nsafely call ks8851_start_xmit_par() without attempting to lock the\nalready locked spinlock.\n\nSince ks8851_irq() is protected by local_bh_disable()/local_bh_enable()\nnow, replace netif_rx() with __netif_rx() which is not duplicating the\nlocal_bh_disable()/local_bh_enable() calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35971",
"url": "https://www.suse.com/security/cve/CVE-2024-35971"
},
{
"category": "external",
"summary": "SUSE Bug 1224578 for CVE-2024-35971",
"url": "https://bugzilla.suse.com/1224578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-35971"
},
{
"cve": "CVE-2024-36009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix netdev refcount issue\n\nThe dev_tracker is added to ax25_cb in ax25_bind(). When the\nax25 device is detaching, the dev_tracker of ax25_cb should be\ndeallocated in ax25_kill_by_device() instead of the dev_tracker\nof ax25_dev. The log reported by ref_tracker is shown below:\n\n[ 80.884935] ref_tracker: reference already released.\n[ 80.885150] ref_tracker: allocated in:\n[ 80.885349] ax25_dev_device_up+0x105/0x540\n[ 80.885730] ax25_device_event+0xa4/0x420\n[ 80.885730] notifier_call_chain+0xc9/0x1e0\n[ 80.885730] __dev_notify_flags+0x138/0x280\n[ 80.885730] dev_change_flags+0xd7/0x180\n[ 80.885730] dev_ifsioc+0x6a9/0xa30\n[ 80.885730] dev_ioctl+0x4d8/0xd90\n[ 80.885730] sock_do_ioctl+0x1c2/0x2d0\n[ 80.885730] sock_ioctl+0x38b/0x4f0\n[ 80.885730] __se_sys_ioctl+0xad/0xf0\n[ 80.885730] do_syscall_64+0xc4/0x1b0\n[ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 80.885730] ref_tracker: freed in:\n[ 80.885730] ax25_device_event+0x272/0x420\n[ 80.885730] notifier_call_chain+0xc9/0x1e0\n[ 80.885730] dev_close_many+0x272/0x370\n[ 80.885730] unregister_netdevice_many_notify+0x3b5/0x1180\n[ 80.885730] unregister_netdev+0xcf/0x120\n[ 80.885730] sixpack_close+0x11f/0x1b0\n[ 80.885730] tty_ldisc_kill+0xcb/0x190\n[ 80.885730] tty_ldisc_hangup+0x338/0x3d0\n[ 80.885730] __tty_hangup+0x504/0x740\n[ 80.885730] tty_release+0x46e/0xd80\n[ 80.885730] __fput+0x37f/0x770\n[ 80.885730] __x64_sys_close+0x7b/0xb0\n[ 80.885730] do_syscall_64+0xc4/0x1b0\n[ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[ 80.893739] ------------[ cut here ]------------\n[ 80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0\n[ 80.894297] Modules linked in:\n[ 80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11\n[ 80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4\n[ 80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0\n[ 80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9\n[ 80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286\n[ 80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000\n[ 80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518\n[ 80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a\n[ 80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4\n[ 80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518\n[ 80.898279] FS: 00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000\n[ 80.899436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0\n...\n[ 80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at\n[ 80.935774] ax25_bind+0x424/0x4e0\n[ 80.935774] __sys_bind+0x1d9/0x270\n[ 80.935774] __x64_sys_bind+0x75/0x80\n[ 80.935774] do_syscall_64+0xc4/0x1b0\n[ 80.935774] entry_SYSCALL_64_after_hwframe+0x67/0x6f\n\nChange ax25_dev-\u003edev_tracker to the dev_tracker of ax25_cb\nin order to mitigate the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36009",
"url": "https://www.suse.com/security/cve/CVE-2024-36009"
},
{
"category": "external",
"summary": "SUSE Bug 1224542 for CVE-2024-36009",
"url": "https://bugzilla.suse.com/1224542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36009"
},
{
"cve": "CVE-2024-36013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()\n\nExtend a critical section to prevent chan from early freeing.\nAlso make the l2cap_connect() return type void. Nothing is using the\nreturned value but it is ugly to return a potentially freed pointer.\nMaking it void will help with backports because earlier kernels did use\nthe return value. Now the compile will break for kernels where this\npatch is not a complete fix.\n\nCall stack summary:\n\n[use]\nl2cap_bredr_sig_cmd\n l2cap_connect\n mutex_lock(\u0026conn-\u003echan_lock);\n | chan = pchan-\u003eops-\u003enew_connection(pchan); \u003c- alloc chan\n | __l2cap_chan_add(conn, chan);\n | l2cap_chan_hold(chan);\n | list_add(\u0026chan-\u003elist, \u0026conn-\u003echan_l); ... (1)\n mutex_unlock(\u0026conn-\u003echan_lock);\n chan-\u003econf_state ... (4) \u003c- use after free\n\n[free]\nl2cap_conn_del\n mutex_lock(\u0026conn-\u003echan_lock);\n| foreach chan in conn-\u003echan_l: ... (2)\n| l2cap_chan_put(chan);\n| l2cap_chan_destroy\n| kfree(chan) ... (3) \u003c- chan freed\n mutex_unlock(\u0026conn-\u003echan_lock);\n\n==================================================================\nBUG: KASAN: slab-use-after-free in instrument_atomic_read\ninclude/linux/instrumented.h:68 [inline]\nBUG: KASAN: slab-use-after-free in _test_bit\ninclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0\nnet/bluetooth/l2cap_core.c:4260\nRead of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36013",
"url": "https://www.suse.com/security/cve/CVE-2024-36013"
},
{
"category": "external",
"summary": "SUSE Bug 1225578 for CVE-2024-36013",
"url": "https://bugzilla.suse.com/1225578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36013"
},
{
"cve": "CVE-2024-36270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36270",
"url": "https://www.suse.com/security/cve/CVE-2024-36270"
},
{
"category": "external",
"summary": "SUSE Bug 1226798 for CVE-2024-36270",
"url": "https://bugzilla.suse.com/1226798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36270"
},
{
"cve": "CVE-2024-36286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36286",
"url": "https://www.suse.com/security/cve/CVE-2024-36286"
},
{
"category": "external",
"summary": "SUSE Bug 1226801 for CVE-2024-36286",
"url": "https://bugzilla.suse.com/1226801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36286"
},
{
"cve": "CVE-2024-36489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx-\u003esk_proto = READ_ONCE(sk-\u003esk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk-\u003esk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk-\u003esk_prot)-\u003esetsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx-\u003esk_proto-\u003esetsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx-\u003esk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx-\u003esk_proto is\ninitialized, we can ensure that ctx-\u003esk_proto are visible when\nchanging sk-\u003esk_prot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36489",
"url": "https://www.suse.com/security/cve/CVE-2024-36489"
},
{
"category": "external",
"summary": "SUSE Bug 1226874 for CVE-2024-36489",
"url": "https://bugzilla.suse.com/1226874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36489"
},
{
"cve": "CVE-2024-36929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36929",
"url": "https://www.suse.com/security/cve/CVE-2024-36929"
},
{
"category": "external",
"summary": "SUSE Bug 1225814 for CVE-2024-36929",
"url": "https://bugzilla.suse.com/1225814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36929"
},
{
"cve": "CVE-2024-36933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36933",
"url": "https://www.suse.com/security/cve/CVE-2024-36933"
},
{
"category": "external",
"summary": "SUSE Bug 1225832 for CVE-2024-36933",
"url": "https://bugzilla.suse.com/1225832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36933"
},
{
"cve": "CVE-2024-36936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/unaccepted: touch soft lockup during memory accept\n\nCommit 50e782a86c98 (\"efi/unaccepted: Fix soft lockups caused by\nparallel memory acceptance\") has released the spinlock so other CPUs can\ndo memory acceptance in parallel and not triggers softlockup on other\nCPUs.\n\nHowever the softlock up was intermittent shown up if the memory of the\nTD guest is large, and the timeout of softlockup is set to 1 second:\n\n RIP: 0010:_raw_spin_unlock_irqrestore\n Call Trace:\n ? __hrtimer_run_queues\n \u003cIRQ\u003e\n ? hrtimer_interrupt\n ? watchdog_timer_fn\n ? __sysvec_apic_timer_interrupt\n ? __pfx_watchdog_timer_fn\n ? sysvec_apic_timer_interrupt\n \u003c/IRQ\u003e\n ? __hrtimer_run_queues\n \u003cTASK\u003e\n ? hrtimer_interrupt\n ? asm_sysvec_apic_timer_interrupt\n ? _raw_spin_unlock_irqrestore\n ? __sysvec_apic_timer_interrupt\n ? sysvec_apic_timer_interrupt\n accept_memory\n try_to_accept_memory\n do_huge_pmd_anonymous_page\n get_page_from_freelist\n __handle_mm_fault\n __alloc_pages\n __folio_alloc\n ? __tdx_hypercall\n handle_mm_fault\n vma_alloc_folio\n do_user_addr_fault\n do_huge_pmd_anonymous_page\n exc_page_fault\n ? __do_huge_pmd_anonymous_page\n asm_exc_page_fault\n __handle_mm_fault\n\nWhen the local irq is enabled at the end of accept_memory(), the\nsoftlockup detects that the watchdog on single CPU has not been fed for\na while. That is to say, even other CPUs will not be blocked by\nspinlock, the current CPU might be stunk with local irq disabled for a\nwhile, which hurts not only nmi watchdog but also softlockup.\n\nChao Gao pointed out that the memory accept could be time costly and\nthere was similar report before. Thus to avoid any softlocup detection\nduring this stage, give the softlockup a flag to skip the timeout check\nat the end of accept_memory(), by invoking touch_softlockup_watchdog().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36936",
"url": "https://www.suse.com/security/cve/CVE-2024-36936"
},
{
"category": "external",
"summary": "SUSE Bug 1225773 for CVE-2024-36936",
"url": "https://bugzilla.suse.com/1225773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2024-36936"
},
{
"cve": "CVE-2024-36962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Queue RX packets in IRQ handler instead of disabling BHs\n\nCurrently the driver uses local_bh_disable()/local_bh_enable() in its\nIRQ handler to avoid triggering net_rx_action() softirq on exit from\nnetif_rx(). The net_rx_action() could trigger this driver .start_xmit\ncallback, which is protected by the same lock as the IRQ handler, so\ncalling the .start_xmit from netif_rx() from the IRQ handler critical\nsection protected by the lock could lead to an attempt to claim the\nalready claimed lock, and a hang.\n\nThe local_bh_disable()/local_bh_enable() approach works only in case\nthe IRQ handler is protected by a spinlock, but does not work if the\nIRQ handler is protected by mutex, i.e. this works for KS8851 with\nParallel bus interface, but not for KS8851 with SPI bus interface.\n\nRemove the BH manipulation and instead of calling netif_rx() inside\nthe IRQ handler code protected by the lock, queue all the received\nSKBs in the IRQ handler into a queue first, and once the IRQ handler\nexits the critical section protected by the lock, dequeue all the\nqueued SKBs and push them all into netif_rx(). At this point, it is\nsafe to trigger the net_rx_action() softirq, since the netif_rx()\ncall is outside of the lock that protects the IRQ handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36962",
"url": "https://www.suse.com/security/cve/CVE-2024-36962"
},
{
"category": "external",
"summary": "SUSE Bug 1225827 for CVE-2024-36962",
"url": "https://bugzilla.suse.com/1225827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-36962"
},
{
"cve": "CVE-2024-38554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev-\u003eax25_ptr is set to null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38554",
"url": "https://www.suse.com/security/cve/CVE-2024-38554"
},
{
"category": "external",
"summary": "SUSE Bug 1226742 for CVE-2024-38554",
"url": "https://bugzilla.suse.com/1226742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-38554"
},
{
"cve": "CVE-2024-38602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38602",
"url": "https://www.suse.com/security/cve/CVE-2024-38602"
},
{
"category": "external",
"summary": "SUSE Bug 1226613 for CVE-2024-38602",
"url": "https://bugzilla.suse.com/1226613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-38602"
},
{
"cve": "CVE-2024-38662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don\u0027t intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38662",
"url": "https://www.suse.com/security/cve/CVE-2024-38662"
},
{
"category": "external",
"summary": "SUSE Bug 1226885 for CVE-2024-38662",
"url": "https://bugzilla.suse.com/1226885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-38662"
},
{
"cve": "CVE-2024-39489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it\u0027s going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39489",
"url": "https://www.suse.com/security/cve/CVE-2024-39489"
},
{
"category": "external",
"summary": "SUSE Bug 1227623 for CVE-2024-39489",
"url": "https://bugzilla.suse.com/1227623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-40905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 \u003c80\u003e 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40905",
"url": "https://www.suse.com/security/cve/CVE-2024-40905"
},
{
"category": "external",
"summary": "SUSE Bug 1227761 for CVE-2024-40905",
"url": "https://bugzilla.suse.com/1227761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-40905"
},
{
"cve": "CVE-2024-40978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40978",
"url": "https://www.suse.com/security/cve/CVE-2024-40978"
},
{
"category": "external",
"summary": "SUSE Bug 1227929 for CVE-2024-40978",
"url": "https://bugzilla.suse.com/1227929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-40995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\u003cTASK\u003e\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40995",
"url": "https://www.suse.com/security/cve/CVE-2024-40995"
},
{
"category": "external",
"summary": "SUSE Bug 1227830 for CVE-2024-40995",
"url": "https://bugzilla.suse.com/1227830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-41000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[ 62.982337] ------------[ cut here ]------------\n[ 62.985692] cgroup: Invalid name\n[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[ 62.992992] 9223372036854775807 + 4095 cannot be represented in type \u0027long long\u0027\n[ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[ 62.999369] random: crng reseeded on system resumption\n[ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 63.000682] Call Trace:\n[ 63.000686] \u003cTASK\u003e\n[ 63.000731] dump_stack_lvl+0x93/0xd0\n[ 63.000919] __get_user_pages+0x903/0xd30\n[ 63.001030] __gup_longterm_locked+0x153e/0x1ba0\n[ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50\n[ 63.001072] ? try_get_folio+0x29c/0x2d0\n[ 63.001083] internal_get_user_pages_fast+0x1119/0x1530\n[ 63.001109] iov_iter_extract_pages+0x23b/0x580\n[ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220\n[ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410\n[ 63.001297] __iomap_dio_rw+0xab4/0x1810\n[ 63.001316] iomap_dio_rw+0x45/0xa0\n[ 63.001328] ext4_file_write_iter+0xdde/0x1390\n[ 63.001372] vfs_write+0x599/0xbd0\n[ 63.001394] ksys_write+0xc8/0x190\n[ 63.001403] do_syscall_64+0xd4/0x1b0\n[ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[ 63.001535] RIP: 0033:0x7f7fd3ebf539\n[ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[ 63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41000",
"url": "https://www.suse.com/security/cve/CVE-2024-41000"
},
{
"category": "external",
"summary": "SUSE Bug 1227867 for CVE-2024-41000",
"url": "https://bugzilla.suse.com/1227867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41000"
},
{
"cve": "CVE-2024-41007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has \u0027expired\u0027.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41007",
"url": "https://www.suse.com/security/cve/CVE-2024-41007"
},
{
"category": "external",
"summary": "SUSE Bug 1227863 for CVE-2024-41007",
"url": "https://bugzilla.suse.com/1227863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "low"
}
],
"title": "CVE-2024-41007"
},
{
"cve": "CVE-2024-41009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41009",
"url": "https://www.suse.com/security/cve/CVE-2024-41009"
},
{
"category": "external",
"summary": "SUSE Bug 1228020 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "external",
"summary": "SUSE Bug 1245988 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1245988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-41009"
},
{
"cve": "CVE-2024-41011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don\u0027t allow mapping the MMIO HDP page with large pages\n\nWe don\u0027t get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with \u003e4K pages, we end up\nexposing PAGE_SIZE of MMIO space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41011",
"url": "https://www.suse.com/security/cve/CVE-2024-41011"
},
{
"category": "external",
"summary": "SUSE Bug 1228114 for CVE-2024-41011",
"url": "https://bugzilla.suse.com/1228114"
},
{
"category": "external",
"summary": "SUSE Bug 1228115 for CVE-2024-41011",
"url": "https://bugzilla.suse.com/1228115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-41011"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41020",
"url": "https://www.suse.com/security/cve/CVE-2024-41020"
},
{
"category": "external",
"summary": "SUSE Bug 1228427 for CVE-2024-41020",
"url": "https://bugzilla.suse.com/1228427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41020"
},
{
"cve": "CVE-2024-41022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()\n\nThe \"instance\" variable needs to be signed for the error handling to work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41022",
"url": "https://www.suse.com/security/cve/CVE-2024-41022"
},
{
"category": "external",
"summary": "SUSE Bug 1228429 for CVE-2024-41022",
"url": "https://bugzilla.suse.com/1228429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41022"
},
{
"cve": "CVE-2024-41035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor\n\nSyzbot has identified a bug in usbcore (see the Closes: tag below)\ncaused by our assumption that the reserved bits in an endpoint\ndescriptor\u0027s bEndpointAddress field will always be 0. As a result of\nthe bug, the endpoint_is_duplicate() routine in config.c (and possibly\nother routines as well) may believe that two descriptors are for\ndistinct endpoints, even though they have the same direction and\nendpoint number. This can lead to confusion, including the bug\nidentified by syzbot (two descriptors with matching endpoint numbers\nand directions, where one was interrupt and the other was bulk).\n\nTo fix the bug, we will clear the reserved bits in bEndpointAddress\nwhen we parse the descriptor. (Note that both the USB-2.0 and USB-3.1\nspecs say these bits are \"Reserved, reset to zero\".) This requires us\nto make a copy of the descriptor earlier in usb_parse_endpoint() and\nuse the copy instead of the original when checking for duplicates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41035",
"url": "https://www.suse.com/security/cve/CVE-2024-41035"
},
{
"category": "external",
"summary": "SUSE Bug 1228485 for CVE-2024-41035",
"url": "https://bugzilla.suse.com/1228485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41035"
},
{
"cve": "CVE-2024-41036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the \u0027statelock\u0027 spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n call trace:\n queued_spin_lock_slowpath+0x100/0x284\n do_raw_spin_lock+0x34/0x44\n ks8851_start_xmit_spi+0x30/0xb8\n ks8851_start_xmit+0x14/0x20\n netdev_start_xmit+0x40/0x6c\n dev_hard_start_xmit+0x6c/0xbc\n sch_direct_xmit+0xa4/0x22c\n __qdisc_run+0x138/0x3fc\n qdisc_run+0x24/0x3c\n net_tx_action+0xf8/0x130\n handle_softirqs+0x1ac/0x1f0\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x3c/0x58\n do_softirq_own_stack+0x1c/0x28\n __irq_exit_rcu+0x54/0x9c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x50\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n __netif_schedule+0x6c/0x80\n netif_tx_wake_queue+0x38/0x48\n ks8851_irq+0xb8/0x2c8\n irq_thread_fn+0x2c/0x74\n irq_thread+0x10c/0x1b0\n kthread+0xc8/0xd8\n ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41036",
"url": "https://www.suse.com/security/cve/CVE-2024-41036"
},
{
"category": "external",
"summary": "SUSE Bug 1228496 for CVE-2024-41036",
"url": "https://bugzilla.suse.com/1228496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41036"
},
{
"cve": "CVE-2024-41038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers\n\nCheck that all fields of a V2 algorithm header fit into the available\nfirmware data buffer.\n\nThe wmfw V2 format introduced variable-length strings in the algorithm\nblock header. This means the overall header length is variable, and the\nposition of most fields varies depending on the length of the string\nfields. Each field must be checked to ensure that it does not overflow\nthe firmware data buffer.\n\nAs this ia bugfix patch, the fixes avoid making any significant change to\nthe existing code. This makes it easier to review and less likely to\nintroduce new bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41038",
"url": "https://www.suse.com/security/cve/CVE-2024-41038"
},
{
"category": "external",
"summary": "SUSE Bug 1228509 for CVE-2024-41038",
"url": "https://bugzilla.suse.com/1228509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41038"
},
{
"cve": "CVE-2024-41039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn\u0027t guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41039",
"url": "https://www.suse.com/security/cve/CVE-2024-41039"
},
{
"category": "external",
"summary": "SUSE Bug 1228515 for CVE-2024-41039",
"url": "https://bugzilla.suse.com/1228515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41039"
},
{
"cve": "CVE-2024-41042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prefer nft_chain_validate\n\nnft_chain_validate already performs loop detection because a cycle will\nresult in a call stack overflow (ctx-\u003elevel \u003e= NFT_JUMP_STACK_SIZE).\n\nIt also follows maps via -\u003evalidate callback in nft_lookup, so there\nappears no reason to iterate the maps again.\n\nnf_tables_check_loops() and all its helper functions can be removed.\nThis improves ruleset load time significantly, from 23s down to 12s.\n\nThis also fixes a crash bug. Old loop detection code can result in\nunbounded recursion:\n\nBUG: TASK stack guard page was hit at ....\nOops: stack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1\n[..]\n\nwith a suitable ruleset during validation of register stores.\n\nI can\u0027t see any actual reason to attempt to check for this from\nnft_validate_register_store(), at this point the transaction is still in\nprogress, so we don\u0027t have a full picture of the rule graph.\n\nFor nf-next it might make sense to either remove it or make this depend\non table-\u003evalidate_state in case we could catch an error earlier\n(for improved error reporting to userspace).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41042",
"url": "https://www.suse.com/security/cve/CVE-2024-41042"
},
{
"category": "external",
"summary": "SUSE Bug 1228526 for CVE-2024-41042",
"url": "https://bugzilla.suse.com/1228526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41042"
},
{
"cve": "CVE-2024-41045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41045",
"url": "https://www.suse.com/security/cve/CVE-2024-41045"
},
{
"category": "external",
"summary": "SUSE Bug 1228531 for CVE-2024-41045",
"url": "https://bugzilla.suse.com/1228531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41045"
},
{
"cve": "CVE-2024-41056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41056",
"url": "https://www.suse.com/security/cve/CVE-2024-41056"
},
{
"category": "external",
"summary": "SUSE Bug 1228480 for CVE-2024-41056",
"url": "https://bugzilla.suse.com/1228480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41056"
},
{
"cve": "CVE-2024-41060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check bo_va-\u003ebo is non-NULL before using it\n\nThe call to radeon_vm_clear_freed might clear bo_va-\u003ebo, so\nwe have to check it before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41060",
"url": "https://www.suse.com/security/cve/CVE-2024-41060"
},
{
"category": "external",
"summary": "SUSE Bug 1228567 for CVE-2024-41060",
"url": "https://bugzilla.suse.com/1228567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41060"
},
{
"cve": "CVE-2024-41062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n CPU0 CPU1\n ---- ----\n sock_close hci_rx_work\n\t l2cap_sock_release hci_acldata_packet\n\t l2cap_sock_kill l2cap_recv_frame\n\t sk_free l2cap_conless_channel\n\t l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41062",
"url": "https://www.suse.com/security/cve/CVE-2024-41062"
},
{
"category": "external",
"summary": "SUSE Bug 1228576 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "external",
"summary": "SUSE Bug 1228578 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-41062"
},
{
"cve": "CVE-2024-41065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2828220f XER: 0000000e\n CFAR: c0000000001fdc80 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n Call Trace:\n usercopy_abort+0x74/0xb0 (unreliable)\n __check_heap_object+0xf8/0x120\n check_heap_object+0x218/0x240\n __check_object_size+0x84/0x1a4\n dtl_file_read+0x17c/0x2c4\n full_proxy_read+0x8c/0x110\n vfs_read+0xdc/0x3a0\n ksys_read+0x84/0x144\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41065",
"url": "https://www.suse.com/security/cve/CVE-2024-41065"
},
{
"category": "external",
"summary": "SUSE Bug 1228636 for CVE-2024-41065",
"url": "https://bugzilla.suse.com/1228636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41065"
},
{
"cve": "CVE-2024-41068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [\u003c000003ffe0d6076a\u003e] __list_add_valid_or_report+0xe2/0xf8\n([\u003c000003ffe0d60766\u003e] __list_add_valid_or_report+0xde/0xf8)\n [\u003c000003ffe0a8d37e\u003e] sclp_init+0x40e/0x450\n [\u003c000003ffe00009f2\u003e] do_one_initcall+0x42/0x1e0\n [\u003c000003ffe15b77a6\u003e] do_initcalls+0x126/0x150\n [\u003c000003ffe15b7a0a\u003e] kernel_init_freeable+0x1ba/0x1f8\n [\u003c000003ffe0d6650e\u003e] kernel_init+0x2e/0x180\n [\u003c000003ffe000301c\u003e] __ret_from_fork+0x3c/0x60\n [\u003c000003ffe0d759ca\u003e] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41068",
"url": "https://www.suse.com/security/cve/CVE-2024-41068"
},
{
"category": "external",
"summary": "SUSE Bug 1228579 for CVE-2024-41068",
"url": "https://bugzilla.suse.com/1228579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41068"
},
{
"cve": "CVE-2024-41073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41073",
"url": "https://www.suse.com/security/cve/CVE-2024-41073"
},
{
"category": "external",
"summary": "SUSE Bug 1228635 for CVE-2024-41073",
"url": "https://bugzilla.suse.com/1228635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41073"
},
{
"cve": "CVE-2024-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn\u0027t mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet\u0027s make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41079",
"url": "https://www.suse.com/security/cve/CVE-2024-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1228615 for CVE-2024-41079",
"url": "https://bugzilla.suse.com/1228615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41079"
},
{
"cve": "CVE-2024-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd-\u003elock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee (\"io_uring: drop ctx-\u003euring_lock\nbefore acquiring sqd-\u003elock\"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41080",
"url": "https://www.suse.com/security/cve/CVE-2024-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1228616 for CVE-2024-41080",
"url": "https://bugzilla.suse.com/1228616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41080"
},
{
"cve": "CVE-2024-41087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41087",
"url": "https://www.suse.com/security/cve/CVE-2024-41087"
},
{
"category": "external",
"summary": "SUSE Bug 1228466 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "external",
"summary": "SUSE Bug 1228740 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-41087"
},
{
"cve": "CVE-2024-41088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring-\u003ehead increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring-\u003ehead, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41088",
"url": "https://www.suse.com/security/cve/CVE-2024-41088"
},
{
"category": "external",
"summary": "SUSE Bug 1228469 for CVE-2024-41088",
"url": "https://bugzilla.suse.com/1228469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41088"
},
{
"cve": "CVE-2024-41089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41089",
"url": "https://www.suse.com/security/cve/CVE-2024-41089"
},
{
"category": "external",
"summary": "SUSE Bug 1228658 for CVE-2024-41089",
"url": "https://bugzilla.suse.com/1228658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41089"
},
{
"cve": "CVE-2024-41092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n\u003c6\u003e [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n\u003c6\u003e [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n\u003c6\u003e [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n\u003c3\u003e [414.070354] Unable to pin Y-tiled fence; err:-4\n\u003c3\u003e [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive))\n...\n\u003c4\u003e[ 609.603992] ------------[ cut here ]------------\n\u003c2\u003e[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n\u003c4\u003e[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n\u003c4\u003e[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n\u003c4\u003e[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n\u003c4\u003e[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n\u003c4\u003e[ 609.604271] Call Trace:\n\u003c4\u003e[ 609.604273] \u003cTASK\u003e\n...\n\u003c4\u003e[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n\u003c4\u003e[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n\u003c4\u003e[ 609.604977] force_unbind+0x24/0xa0 [i915]\n\u003c4\u003e[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n\u003c4\u003e[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n\u003c4\u003e[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n\u003c4\u003e[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma-\u003eactive via fence_update(). That commit introduced\nvma-\u003efence-\u003eactive in order for the fence_update() to be able to wait\nselectively on that one instead of vma-\u003eactive since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive)) in front.\nNo justification was provided on why we might then expect idleness of\nvma-\u003efence-\u003eactive without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma-\u003efence-\u003eactive in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41092",
"url": "https://www.suse.com/security/cve/CVE-2024-41092"
},
{
"category": "external",
"summary": "SUSE Bug 1228483 for CVE-2024-41092",
"url": "https://bugzilla.suse.com/1228483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41092"
},
{
"cve": "CVE-2024-41093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41093",
"url": "https://www.suse.com/security/cve/CVE-2024-41093"
},
{
"category": "external",
"summary": "SUSE Bug 1228660 for CVE-2024-41093",
"url": "https://bugzilla.suse.com/1228660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41093"
},
{
"cve": "CVE-2024-41095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41095",
"url": "https://www.suse.com/security/cve/CVE-2024-41095"
},
{
"category": "external",
"summary": "SUSE Bug 1228662 for CVE-2024-41095",
"url": "https://bugzilla.suse.com/1228662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41095"
},
{
"cve": "CVE-2024-41097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41097",
"url": "https://www.suse.com/security/cve/CVE-2024-41097"
},
{
"category": "external",
"summary": "SUSE Bug 1228513 for CVE-2024-41097",
"url": "https://bugzilla.suse.com/1228513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41097"
},
{
"cve": "CVE-2024-41098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix null pointer dereference on error\n\nIf the ata_port_alloc() call in ata_host_alloc() fails,\nata_host_release() will get called.\n\nHowever, the code in ata_host_release() tries to free ata_port struct\nmembers unconditionally, which can lead to the following:\n\nBUG: unable to handle page fault for address: 0000000000003990\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]\nCode: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41\nRSP: 0018:ffffc90000ebb968 EFLAGS: 00010246\nRAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0\nRBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68\nR10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004\nR13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006\nFS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? ata_host_release.cold+0x2f/0x6e [libata]\n ? ata_host_release.cold+0x2f/0x6e [libata]\n release_nodes+0x35/0xb0\n devres_release_group+0x113/0x140\n ata_host_alloc+0xed/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nDo not access ata_port struct members unconditionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41098",
"url": "https://www.suse.com/security/cve/CVE-2024-41098"
},
{
"category": "external",
"summary": "SUSE Bug 1228467 for CVE-2024-41098",
"url": "https://bugzilla.suse.com/1228467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-41098"
},
{
"cve": "CVE-2024-42069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix possible double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function adev_release\ncalls kfree(madev). We shouldn\u0027t call kfree(madev) again\nin the error handling path. Set \u0027madev\u0027 to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42069",
"url": "https://www.suse.com/security/cve/CVE-2024-42069"
},
{
"category": "external",
"summary": "SUSE Bug 1228463 for CVE-2024-42069",
"url": "https://bugzilla.suse.com/1228463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42069"
},
{
"cve": "CVE-2024-42074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: add a null check for chip_pdev structure\n\nWhen acp platform device creation is skipped, chip-\u003echip_pdev value will\nremain NULL. Add NULL check for chip-\u003echip_pdev structure in\nsnd_acp_resume() function to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42074",
"url": "https://www.suse.com/security/cve/CVE-2024-42074"
},
{
"category": "external",
"summary": "SUSE Bug 1228481 for CVE-2024-42074",
"url": "https://bugzilla.suse.com/1228481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42074"
},
{
"cve": "CVE-2024-42076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: Initialize unused data in j1939_send_one()\n\nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()\ncreates full frame including unused data, but it doesn\u0027t initialize\nit. This causes the kernel-infoleak issue. Fix this by initializing\nunused data.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n memcpy_to_msg include/linux/skbuff.h:4113 [inline]\n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803\n ___sys_recvmsg+0x223/0x840 net/socket.c:2845\n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034\n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1313 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n sock_alloc_send_skb include/net/sock.h:1842 [inline]\n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]\n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]\n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBytes 12-15 of 16 are uninitialized\nMemory access of size 16 starts at ffff888120969690\nData copied to user address 00000000200017c0\n\nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42076",
"url": "https://www.suse.com/security/cve/CVE-2024-42076"
},
{
"category": "external",
"summary": "SUSE Bug 1228484 for CVE-2024-42076",
"url": "https://bugzilla.suse.com/1228484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42076"
},
{
"cve": "CVE-2024-42077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits(). This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases. For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents. Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) \u003c= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error. This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx TASK: xxxx CPU: 5 COMMAND: \"SubmitThread-CA\"\n #0 machine_kexec at ffffffff8c069932\n #1 __crash_kexec at ffffffff8c1338fa\n #2 panic at ffffffff8c1d69b9\n #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42077",
"url": "https://www.suse.com/security/cve/CVE-2024-42077"
},
{
"category": "external",
"summary": "SUSE Bug 1228516 for CVE-2024-42077",
"url": "https://bugzilla.suse.com/1228516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42077"
},
{
"cve": "CVE-2024-42080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Fix potential invalid address access\n\nstruct rdma_restrack_entry\u0027s kern_name was set to KBUILD_MODNAME\nin ib_create_cq(), while if the module exited but forgot del this\nrdma_restrack_entry, it would cause a invalid address access in\nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.\n\nThese code is used to help find one forgotten PD release in one of the\nULPs. But it is not needed anymore, so delete them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42080",
"url": "https://www.suse.com/security/cve/CVE-2024-42080"
},
{
"category": "external",
"summary": "SUSE Bug 1228673 for CVE-2024-42080",
"url": "https://bugzilla.suse.com/1228673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42080"
},
{
"cve": "CVE-2024-42082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n 1. memory allocation fails;\n 2. rhashtable_init() fails when some fields of rhashtable_params\n struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42082",
"url": "https://www.suse.com/security/cve/CVE-2024-42082"
},
{
"category": "external",
"summary": "SUSE Bug 1228482 for CVE-2024-42082",
"url": "https://bugzilla.suse.com/1228482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2024-42085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock\n\nWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system\nto enter suspend status with below command:\necho mem \u003e /sys/power/state\nThere will be a deadlock issue occurring. Detailed invoking path as\nbelow:\ndwc3_suspend_common()\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 1st\n dwc3_gadget_suspend(dwc);\n dwc3_gadget_soft_disconnect(dwc);\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 2nd\nThis issue is exposed by commit c7ebd8149ee5 (\"usb: dwc3: gadget: Fix\nNULL pointer dereference in dwc3_gadget_suspend\") that removes the code\nof checking whether dwc-\u003egadget_driver is NULL or not. It causes the\nfollowing code is executed and deadlock occurs when trying to get the\nspinlock. In fact, the root cause is the commit 5265397f9442(\"usb: dwc3:\nRemove DWC3 locking during gadget suspend/resume\") that forgot to remove\nthe lock of otg mode. So, remove the redundant lock of otg mode during\ngadget suspend/resume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42085",
"url": "https://www.suse.com/security/cve/CVE-2024-42085"
},
{
"category": "external",
"summary": "SUSE Bug 1228456 for CVE-2024-42085",
"url": "https://bugzilla.suse.com/1228456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42085"
},
{
"cve": "CVE-2024-42086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42086",
"url": "https://www.suse.com/security/cve/CVE-2024-42086"
},
{
"category": "external",
"summary": "SUSE Bug 1228452 for CVE-2024-42086",
"url": "https://bugzilla.suse.com/1228452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42086"
},
{
"cve": "CVE-2024-42087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep\n\nThe ilitek-ili9881c controls the reset GPIO using the non-sleeping\ngpiod_set_value() function. This complains loudly when the GPIO\ncontroller needs to sleep. As the caller can sleep, use\ngpiod_set_value_cansleep() to fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42087",
"url": "https://www.suse.com/security/cve/CVE-2024-42087"
},
{
"category": "external",
"summary": "SUSE Bug 1228677 for CVE-2024-42087",
"url": "https://bugzilla.suse.com/1228677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42087"
},
{
"cve": "CVE-2024-42089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv-\u003epdev before using it\n\npriv-\u003epdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv-\u003epdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv-\u003edev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won\u0027t crash\nprobably due to compiler optimisations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42089",
"url": "https://www.suse.com/security/cve/CVE-2024-42089"
},
{
"category": "external",
"summary": "SUSE Bug 1228450 for CVE-2024-42089",
"url": "https://bugzilla.suse.com/1228450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42089"
},
{
"cve": "CVE-2024-42090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER\n\nIn create_pinctrl(), pinctrl_maps_mutex is acquired before calling\nadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()\ncalls pinctrl_free(). However, pinctrl_free() attempts to acquire\npinctrl_maps_mutex, which is already held by create_pinctrl(), leading to\na potential deadlock.\n\nThis patch resolves the issue by releasing pinctrl_maps_mutex before\ncalling pinctrl_free(), preventing the deadlock.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42090",
"url": "https://www.suse.com/security/cve/CVE-2024-42090"
},
{
"category": "external",
"summary": "SUSE Bug 1228449 for CVE-2024-42090",
"url": "https://bugzilla.suse.com/1228449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42090"
},
{
"cve": "CVE-2024-42092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata-\u003egpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips-\u003eirqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won\u0027t exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42092",
"url": "https://www.suse.com/security/cve/CVE-2024-42092"
},
{
"category": "external",
"summary": "SUSE Bug 1228447 for CVE-2024-42092",
"url": "https://bugzilla.suse.com/1228447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42092"
},
{
"cve": "CVE-2024-42095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42095",
"url": "https://www.suse.com/security/cve/CVE-2024-42095"
},
{
"category": "external",
"summary": "SUSE Bug 1228446 for CVE-2024-42095",
"url": "https://bugzilla.suse.com/1228446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42095"
},
{
"cve": "CVE-2024-42097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42097",
"url": "https://www.suse.com/security/cve/CVE-2024-42097"
},
{
"category": "external",
"summary": "SUSE Bug 1228766 for CVE-2024-42097",
"url": "https://bugzilla.suse.com/1228766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42097"
},
{
"cve": "CVE-2024-42098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42098",
"url": "https://www.suse.com/security/cve/CVE-2024-42098"
},
{
"category": "external",
"summary": "SUSE Bug 1228779 for CVE-2024-42098",
"url": "https://bugzilla.suse.com/1228779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42098"
},
{
"cve": "CVE-2024-42101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix null pointer dereference in nouveau_connector_get_modes\n\nIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42101",
"url": "https://www.suse.com/security/cve/CVE-2024-42101"
},
{
"category": "external",
"summary": "SUSE Bug 1228495 for CVE-2024-42101",
"url": "https://bugzilla.suse.com/1228495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42101"
},
{
"cve": "CVE-2024-42104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: add missing check for inode numbers on directory entries\n\nSyzbot reported that mounting and unmounting a specific pattern of\ncorrupted nilfs2 filesystem images causes a use-after-free of metadata\nfile inodes, which triggers a kernel bug in lru_add_fn().\n\nAs Jan Kara pointed out, this is because the link count of a metadata file\ngets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),\ntries to delete that inode (ifile inode in this case).\n\nThe inconsistency occurs because directories containing the inode numbers\nof these metadata files that should not be visible in the namespace are\nread without checking.\n\nFix this issue by treating the inode numbers of these internal files as\nerrors in the sanity check helper when reading directory folios/pages.\n\nAlso thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer\nanalysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42104",
"url": "https://www.suse.com/security/cve/CVE-2024-42104"
},
{
"category": "external",
"summary": "SUSE Bug 1228654 for CVE-2024-42104",
"url": "https://bugzilla.suse.com/1228654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42104"
},
{
"cve": "CVE-2024-42106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42106",
"url": "https://www.suse.com/security/cve/CVE-2024-42106"
},
{
"category": "external",
"summary": "SUSE Bug 1228493 for CVE-2024-42106",
"url": "https://bugzilla.suse.com/1228493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42106"
},
{
"cve": "CVE-2024-42107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42107",
"url": "https://www.suse.com/security/cve/CVE-2024-42107"
},
{
"category": "external",
"summary": "SUSE Bug 1228494 for CVE-2024-42107",
"url": "https://bugzilla.suse.com/1228494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42107"
},
{
"cve": "CVE-2024-42110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514] \u003cTASK\u003e\n[74412.586933] dump_stack_lvl+0x55/0x70\n[74412.591129] check_preemption_disabled+0xc8/0xf0\n[74412.596374] netif_rx_internal+0x42/0x130\n[74412.600957] __netif_rx+0x20/0xd0\n[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046] irq_thread_fn+0x21/0x60\n[74412.638134] ? irq_thread+0xa8/0x290\n[74412.642218] irq_thread+0x1a0/0x290\n[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117] ? __pfx_irq_thread+0x10/0x10\n[74412.660686] kthread+0x100/0x130\n[74412.664384] ? __pfx_kthread+0x10/0x10\n[74412.668639] ret_from_fork+0x31/0x50\n[74412.672716] ? __pfx_kthread+0x10/0x10\n[74412.676978] ret_from_fork_asm+0x1a/0x30\n[74412.681457] \u003c/TASK\u003e\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should\u0027ve been a noop instead. However, the code precedes this\nfix should\u0027ve been using netif_rx_ni() or netif_rx_any_context().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42110",
"url": "https://www.suse.com/security/cve/CVE-2024-42110"
},
{
"category": "external",
"summary": "SUSE Bug 1228501 for CVE-2024-42110",
"url": "https://bugzilla.suse.com/1228501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42110"
},
{
"cve": "CVE-2024-42114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values\n\nsyzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM\nto 2^31.\n\nWe had a similar issue in sch_fq, fixed with commit\nd9e15a273306 (\"pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM\")\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]\nModules linked in:\nirq event stamp: 131135\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_hh_init net/core/neighbour.c:1538 [inline]\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553\n softirqs last disabled at (125896): [\u003cffff80008904166c\u003e] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19\nCPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nWorkqueue: mld mld_ifc_work\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __list_del include/linux/list.h:195 [inline]\n pc : __list_del_entry include/linux/list.h:218 [inline]\n pc : list_move_tail include/linux/list.h:310 [inline]\n pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n lr : __list_del_entry include/linux/list.h:218 [inline]\n lr : list_move_tail include/linux/list.h:310 [inline]\n lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854\nsp : ffff800093d36700\nx29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000\nx26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0\nx23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0\nx20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0\nx17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8\nx14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc\nx2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470\nCall trace:\n __list_del include/linux/list.h:195 [inline]\n __list_del_entry include/linux/list.h:218 [inline]\n list_move_tail include/linux/list.h:310 [inline]\n fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n wake_tx_push_queue net/mac80211/util.c:294 [inline]\n ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315\n drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]\n schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]\n ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664\n ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966\n ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062\n __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338\n ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547\n __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_fini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42114",
"url": "https://www.suse.com/security/cve/CVE-2024-42114"
},
{
"category": "external",
"summary": "SUSE Bug 1228564 for CVE-2024-42114",
"url": "https://bugzilla.suse.com/1228564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42114"
},
{
"cve": "CVE-2024-42115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Fix potential illegal address access in jffs2_free_inode\n\nDuring the stress testing of the jffs2 file system,the following\nabnormal printouts were found:\n[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948\n[ 2430.649622] Mem abort info:\n[ 2430.649829] ESR = 0x96000004\n[ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2430.650564] SET = 0, FnV = 0\n[ 2430.650795] EA = 0, S1PTW = 0\n[ 2430.651032] FSC = 0x04: level 0 translation fault\n[ 2430.651446] Data abort info:\n[ 2430.651683] ISV = 0, ISS = 0x00000004\n[ 2430.652001] CM = 0, WnR = 0\n[ 2430.652558] [0069696969696948] address between user and kernel address ranges\n[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33\n[ 2430.655008] Hardware name: linux,dummy-virt (DT)\n[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2430.656142] pc : kfree+0x78/0x348\n[ 2430.656630] lr : jffs2_free_inode+0x24/0x48\n[ 2430.657051] sp : ffff800009eebd10\n[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000\n[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000\n[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14\n[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000\n[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000\n[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19\n[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14\n[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302\n[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342\n[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000\n[ 2430.664217] Call trace:\n[ 2430.664528] kfree+0x78/0x348\n[ 2430.664855] jffs2_free_inode+0x24/0x48\n[ 2430.665233] i_callback+0x24/0x50\n[ 2430.665528] rcu_do_batch+0x1ac/0x448\n[ 2430.665892] rcu_core+0x28c/0x3c8\n[ 2430.666151] rcu_core_si+0x18/0x28\n[ 2430.666473] __do_softirq+0x138/0x3cc\n[ 2430.666781] irq_exit+0xf0/0x110\n[ 2430.667065] handle_domain_irq+0x6c/0x98\n[ 2430.667447] gic_handle_irq+0xac/0xe8\n[ 2430.667739] call_on_irq_stack+0x28/0x54\nThe parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of\nthe jffs_inode_info structure. It was found that all variables in the jffs_inode_info\nstructure were 5a5a5a5a, except for the first member sem. It is suspected that these\nvariables are not initialized because they were set to 5a5a5a5a during memory testing,\nwhich is meant to detect uninitialized memory.The sem variable is initialized in the\nfunction jffs2_i_init_once, while other members are initialized in\nthe function jffs2_init_inode_info.\n\nThe function jffs2_init_inode_info is called after iget_locked,\nbut in the iget_locked function, the destroy_inode process is triggered,\nwhich releases the inode and consequently, the target member of the inode\nis not initialized.In concurrent high pressure scenarios, iget_locked\nmay enter the destroy_inode branch as described in the code.\n\nSince the destroy_inode functionality of jffs2 only releases the target,\nthe fix method is to set target to NULL in jffs2_i_init_once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42115",
"url": "https://www.suse.com/security/cve/CVE-2024-42115"
},
{
"category": "external",
"summary": "SUSE Bug 1228656 for CVE-2024-42115",
"url": "https://bugzilla.suse.com/1228656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42115"
},
{
"cve": "CVE-2024-42119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42119",
"url": "https://www.suse.com/security/cve/CVE-2024-42119"
},
{
"category": "external",
"summary": "SUSE Bug 1228584 for CVE-2024-42119",
"url": "https://bugzilla.suse.com/1228584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42119"
},
{
"cve": "CVE-2024-42120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42120",
"url": "https://www.suse.com/security/cve/CVE-2024-42120"
},
{
"category": "external",
"summary": "SUSE Bug 1228588 for CVE-2024-42120",
"url": "https://bugzilla.suse.com/1228588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42120"
},
{
"cve": "CVE-2024-42121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index msg_id before read or write\n\n[WHAT]\nmsg_id is used as an array index and it cannot be a negative value, and\ntherefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).\n\n[HOW]\nCheck whether msg_id is valid before reading and setting.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42121",
"url": "https://www.suse.com/security/cve/CVE-2024-42121"
},
{
"category": "external",
"summary": "SUSE Bug 1228590 for CVE-2024-42121",
"url": "https://bugzilla.suse.com/1228590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42121"
},
{
"cve": "CVE-2024-42126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don\u0027t see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42126",
"url": "https://www.suse.com/security/cve/CVE-2024-42126"
},
{
"category": "external",
"summary": "SUSE Bug 1228718 for CVE-2024-42126",
"url": "https://bugzilla.suse.com/1228718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42126"
},
{
"cve": "CVE-2024-42127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix shared irq handling on driver remove\n\nlima uses a shared interrupt, so the interrupt handlers must be prepared\nto be called at any time. At driver removal time, the clocks are\ndisabled early and the interrupts stay registered until the very end of\nthe remove process due to the devm usage.\nThis is potentially a bug as the interrupts access device registers\nwhich assumes clocks are enabled. A crash can be triggered by removing\nthe driver in a kernel with CONFIG_DEBUG_SHIRQ enabled.\nThis patch frees the interrupts at each lima device finishing callback\nso that the handlers are already unregistered by the time we fully\ndisable clocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42127",
"url": "https://www.suse.com/security/cve/CVE-2024-42127"
},
{
"category": "external",
"summary": "SUSE Bug 1228721 for CVE-2024-42127",
"url": "https://bugzilla.suse.com/1228721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42127"
},
{
"cve": "CVE-2024-42130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, \u0026(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42130",
"url": "https://www.suse.com/security/cve/CVE-2024-42130"
},
{
"category": "external",
"summary": "SUSE Bug 1228687 for CVE-2024-42130",
"url": "https://bugzilla.suse.com/1228687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42130"
},
{
"cve": "CVE-2024-42137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can\u0027t be enabled after below steps:\ncold boot -\u003e enable BT -\u003e disable BT -\u003e warm reboot -\u003e BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42137",
"url": "https://www.suse.com/security/cve/CVE-2024-42137"
},
{
"category": "external",
"summary": "SUSE Bug 1228563 for CVE-2024-42137",
"url": "https://bugzilla.suse.com/1228563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42137"
},
{
"cve": "CVE-2024-42139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42139",
"url": "https://www.suse.com/security/cve/CVE-2024-42139"
},
{
"category": "external",
"summary": "SUSE Bug 1228503 for CVE-2024-42139",
"url": "https://bugzilla.suse.com/1228503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42139"
},
{
"cve": "CVE-2024-42142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-switch, Create ingress ACL when needed\n\nCurrently, ingress acl is used for three features. It is created only\nwhen vport metadata match and prio tag are enabled. But active-backup\nlag mode also uses it. It is independent of vport metadata match and\nprio tag. And vport metadata match can be disabled using the\nfollowing devlink command:\n\n # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\\n\tvalue false cmode runtime\n\nIf ingress acl is not created, will hit panic when creating drop rule\nfor active-backup lag mode. If always create it, there will be about\n5% performance degradation.\n\nFix it by creating ingress acl when needed. If esw_port_metadata is\ntrue, ingress acl exists, then create drop rule using existing\ningress acl. If esw_port_metadata is false, create ingress acl and\nthen create drop rule.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42142",
"url": "https://www.suse.com/security/cve/CVE-2024-42142"
},
{
"category": "external",
"summary": "SUSE Bug 1228491 for CVE-2024-42142",
"url": "https://bugzilla.suse.com/1228491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42142"
},
{
"cve": "CVE-2024-42143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42143"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42143",
"url": "https://www.suse.com/security/cve/CVE-2024-42143"
},
{
"category": "external",
"summary": "SUSE Bug 1228748 for CVE-2024-42143",
"url": "https://bugzilla.suse.com/1228748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42143"
},
{
"cve": "CVE-2024-42148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n * control by the number of fast-path status blocks supported by the\n * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n * status block represents an independent interrupts context that can\n * serve a regular L2 networking queue. However special L2 queues such\n * as the FCoE queue do not require a FP-SB and other components like\n * the CNIC may consume FP-SB reducing the number of possible L2 queues\n *\n * If the maximum number of FP-SB available is X then:\n * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n * regular L2 queues is Y=X-1\n * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n * c. If the FCoE L2 queue is supported the actual number of L2 queues\n * is Y+1\n * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n * slow-path interrupts) or Y+2 if CNIC is supported (one additional\n * FP interrupt context for the CNIC).\n * e. The number of HW context (CID count) is always X or X+1 if FCoE\n * L2 queue is supported. The cid for the FCoE L2 queue is always X.\n */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type \u0027stats_query_entry [19]\u0027\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42148",
"url": "https://www.suse.com/security/cve/CVE-2024-42148"
},
{
"category": "external",
"summary": "SUSE Bug 1228487 for CVE-2024-42148",
"url": "https://bugzilla.suse.com/1228487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42148"
},
{
"cve": "CVE-2024-42152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq-\u003ectrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl-\u003esqs and sq-\u003ectrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq-\u003eref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq-\u003ectrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq-\u003ectrl after all inflight request has\ncompleted, where for sure sq-\u003ectrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42152",
"url": "https://www.suse.com/security/cve/CVE-2024-42152"
},
{
"category": "external",
"summary": "SUSE Bug 1228724 for CVE-2024-42152",
"url": "https://bugzilla.suse.com/1228724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42152"
},
{
"cve": "CVE-2024-42155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42155",
"url": "https://www.suse.com/security/cve/CVE-2024-42155"
},
{
"category": "external",
"summary": "SUSE Bug 1228733 for CVE-2024-42155",
"url": "https://bugzilla.suse.com/1228733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42155"
},
{
"cve": "CVE-2024-42156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42156",
"url": "https://www.suse.com/security/cve/CVE-2024-42156"
},
{
"category": "external",
"summary": "SUSE Bug 1228722 for CVE-2024-42156",
"url": "https://bugzilla.suse.com/1228722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42156"
},
{
"cve": "CVE-2024-42157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42157",
"url": "https://www.suse.com/security/cve/CVE-2024-42157"
},
{
"category": "external",
"summary": "SUSE Bug 1228727 for CVE-2024-42157",
"url": "https://bugzilla.suse.com/1228727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42157"
},
{
"cve": "CVE-2024-42158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42158",
"url": "https://www.suse.com/security/cve/CVE-2024-42158"
},
{
"category": "external",
"summary": "SUSE Bug 1228720 for CVE-2024-42158",
"url": "https://bugzilla.suse.com/1228720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42158"
},
{
"cve": "CVE-2024-42162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Account for stopped queues when reading NIC stats\n\nWe now account for the fact that the NIC might send us stats for a\nsubset of queues. Without this change, gve_get_ethtool_stats might make\nan invalid access on the priv-\u003estats_report-\u003estats array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42162",
"url": "https://www.suse.com/security/cve/CVE-2024-42162"
},
{
"category": "external",
"summary": "SUSE Bug 1228706 for CVE-2024-42162",
"url": "https://bugzilla.suse.com/1228706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42162"
},
{
"cve": "CVE-2024-42223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42223",
"url": "https://www.suse.com/security/cve/CVE-2024-42223"
},
{
"category": "external",
"summary": "SUSE Bug 1228726 for CVE-2024-42223",
"url": "https://bugzilla.suse.com/1228726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42223"
},
{
"cve": "CVE-2024-42225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42225",
"url": "https://www.suse.com/security/cve/CVE-2024-42225"
},
{
"category": "external",
"summary": "SUSE Bug 1228710 for CVE-2024-42225",
"url": "https://bugzilla.suse.com/1228710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42225"
},
{
"cve": "CVE-2024-42228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42228"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42228",
"url": "https://www.suse.com/security/cve/CVE-2024-42228"
},
{
"category": "external",
"summary": "SUSE Bug 1228667 for CVE-2024-42228",
"url": "https://bugzilla.suse.com/1228667"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42228"
},
{
"cve": "CVE-2024-42229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42229",
"url": "https://www.suse.com/security/cve/CVE-2024-42229"
},
{
"category": "external",
"summary": "SUSE Bug 1228708 for CVE-2024-42229",
"url": "https://bugzilla.suse.com/1228708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42229"
},
{
"cve": "CVE-2024-42230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn\u0027t easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42230",
"url": "https://www.suse.com/security/cve/CVE-2024-42230"
},
{
"category": "external",
"summary": "SUSE Bug 1228489 for CVE-2024-42230",
"url": "https://bugzilla.suse.com/1228489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42230"
},
{
"cve": "CVE-2024-42232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting(). Both of\nthese can requeue the delayed work which wouldn\u0027t be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn\u0027t mess with the delayed work in order\nto avoid interfering with the hunting interval logic. This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n it\u0027s done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42232",
"url": "https://www.suse.com/security/cve/CVE-2024-42232"
},
{
"category": "external",
"summary": "SUSE Bug 1228959 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "external",
"summary": "SUSE Bug 1229458 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1229458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-42232"
},
{
"cve": "CVE-2024-42236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Prevent OOB read/write in usb_string_copy()\n\nUserspace provided string \u0027s\u0027 could trivially have the length zero. Left\nunchecked this will firstly result in an OOB read in the form\n`if (str[0 - 1] == \u0027\\n\u0027) followed closely by an OOB write in the form\n`str[0 - 1] = \u0027\\0\u0027`.\n\nThere is already a validating check to catch strings that are too long.\nLet\u0027s supply an additional check for invalid strings that are too short.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42236",
"url": "https://www.suse.com/security/cve/CVE-2024-42236"
},
{
"category": "external",
"summary": "SUSE Bug 1228964 for CVE-2024-42236",
"url": "https://bugzilla.suse.com/1228964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42236"
},
{
"cve": "CVE-2024-42237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42237",
"url": "https://www.suse.com/security/cve/CVE-2024-42237"
},
{
"category": "external",
"summary": "SUSE Bug 1228992 for CVE-2024-42237",
"url": "https://bugzilla.suse.com/1228992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42237"
},
{
"cve": "CVE-2024-42238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn\u0027t\nabort the file processing with an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42238",
"url": "https://www.suse.com/security/cve/CVE-2024-42238"
},
{
"category": "external",
"summary": "SUSE Bug 1228991 for CVE-2024-42238",
"url": "https://bugzilla.suse.com/1228991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42238"
},
{
"cve": "CVE-2024-42239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named \u0027cancelling\u0027 in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur-\u003ecancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool \u0027cancelling\u0027 bit and used the\nfollowing pattern under timer-\u003elock to publish cancellation status.\n\nlock(t-\u003elock);\nt-\u003ecancelling = true;\nmb();\nif (cur-\u003ecancelling)\n\treturn -EDEADLK;\nunlock(t-\u003elock);\nhrtimer_cancel(t-\u003etimer);\nt-\u003ecancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t-\u003ecancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer-\u003elock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42239",
"url": "https://www.suse.com/security/cve/CVE-2024-42239"
},
{
"category": "external",
"summary": "SUSE Bug 1228979 for CVE-2024-42239",
"url": "https://bugzilla.suse.com/1228979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42239"
},
{
"cve": "CVE-2024-42240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n \u003c#DB\u003e\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n \u003c/#DB\u003e\n \u003cTASK\u003e\n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n \u003c/TASK\u003e\n\n [ bp: Massage commit message. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42240",
"url": "https://www.suse.com/security/cve/CVE-2024-42240"
},
{
"category": "external",
"summary": "SUSE Bug 1228966 for CVE-2024-42240",
"url": "https://bugzilla.suse.com/1228966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42240"
},
{
"cve": "CVE-2024-42244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: mos7840: fix crash on resume\n\nSince commit c49cfa917025 (\"USB: serial: use generic method if no\nalternative is provided in usb serial layer\"), USB serial core calls the\ngeneric resume implementation when the driver has not provided one.\n\nThis can trigger a crash on resume with mos7840 since support for\nmultiple read URBs was added back in 2011. Specifically, both port read\nURBs are now submitted on resume for open ports, but the context pointer\nof the second URB is left set to the core rather than mos7840 port\nstructure.\n\nFix this by implementing dedicated suspend and resume functions for\nmos7840.\n\nTested with Delock 87414 USB 2.0 to 4x serial adapter.\n\n[ johan: analyse crash and rewrite commit message; set busy flag on\n resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42244",
"url": "https://www.suse.com/security/cve/CVE-2024-42244"
},
{
"category": "external",
"summary": "SUSE Bug 1228967 for CVE-2024-42244",
"url": "https://bugzilla.suse.com/1228967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42244"
},
{
"cve": "CVE-2024-42246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket\n\nWhen using a BPF program on kernel_connect(), the call can return -EPERM. This\ncauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causing\nthe kernel to potentially freeze up.\n\nNeil suggested:\n\n This will propagate -EPERM up into other layers which might not be ready\n to handle it. It might be safer to map EPERM to an error we would be more\n likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.\n\nECONNREFUSED as error seems reasonable. For programs setting a different error\ncan be out of reach (see handling in 4fbac77d2d09) in particular on kernels\nwhich do not have f10d05966196 (\"bpf: Make BPF_PROG_RUN_ARRAY return -err\ninstead of allow boolean\"), thus given that it is better to simply remap for\nconsistent behavior. UDP does handle EPERM in xs_udp_send_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42246",
"url": "https://www.suse.com/security/cve/CVE-2024-42246"
},
{
"category": "external",
"summary": "SUSE Bug 1228989 for CVE-2024-42246",
"url": "https://bugzilla.suse.com/1228989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42246"
},
{
"cve": "CVE-2024-42247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: allowedips: avoid unaligned 64-bit memory accesses\n\nOn the parisc platform, the kernel issues kernel warnings because\nswap_endian() tries to load a 128-bit IPv6 address from an unaligned\nmemory location:\n\n Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)\n Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)\n\nAvoid such unaligned memory accesses by instead using the\nget_unaligned_be64() helper macro.\n\n[Jason: replace src[8] in original patch with src+8]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42247",
"url": "https://www.suse.com/security/cve/CVE-2024-42247"
},
{
"category": "external",
"summary": "SUSE Bug 1228988 for CVE-2024-42247",
"url": "https://bugzilla.suse.com/1228988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42247"
},
{
"cve": "CVE-2024-42268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n\u2026\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n\u2026\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa4/0x210\n ? devl_assert_locked+0x3e/0x50\n ? report_bug+0x160/0x280\n ? handle_bug+0x3f/0x80\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? devl_assert_locked+0x3e/0x50\n devlink_notify+0x88/0x2b0\n ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n ? __pfx_devlink_notify+0x10/0x10\n ? process_one_work+0x4b6/0xbb0\n process_one_work+0x4b6/0xbb0\n[\u2026]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42268",
"url": "https://www.suse.com/security/cve/CVE-2024-42268"
},
{
"category": "external",
"summary": "SUSE Bug 1229391 for CVE-2024-42268",
"url": "https://bugzilla.suse.com/1229391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42268"
},
{
"cve": "CVE-2024-42271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv-\u003epath is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([\u003c0000001e87f03880\u003e] 0x1e87f03880)\n[452744.123966] [\u003c00000000d593001e\u003e] iucv_path_sever+0x96/0x138\n[452744.124330] [\u003c000003ff801ddbca\u003e] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [\u003c000003ff801e01b6\u003e] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [\u003c000003ff801e08cc\u003e] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [\u003c00000000d574794e\u003e] __sock_release+0x5e/0xe8\n[452744.124815] [\u003c00000000d5747a0c\u003e] sock_close+0x34/0x48\n[452744.124820] [\u003c00000000d5421642\u003e] __fput+0xba/0x268\n[452744.124826] [\u003c00000000d51b382c\u003e] task_work_run+0xbc/0xf0\n[452744.124832] [\u003c00000000d5145710\u003e] do_notify_resume+0x88/0x90\n[452744.124841] [\u003c00000000d5978096\u003e] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [\u003c00000000d5930018\u003e] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42271",
"url": "https://www.suse.com/security/cve/CVE-2024-42271"
},
{
"category": "external",
"summary": "SUSE Bug 1229400 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "external",
"summary": "SUSE Bug 1229401 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-42271"
},
{
"cve": "CVE-2024-42274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n \u003c/NMI\u003e\n \u003cTASK\u003e\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42274",
"url": "https://www.suse.com/security/cve/CVE-2024-42274"
},
{
"category": "external",
"summary": "SUSE Bug 1229417 for CVE-2024-42274",
"url": "https://bugzilla.suse.com/1229417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42274"
},
{
"cve": "CVE-2024-42276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42276",
"url": "https://www.suse.com/security/cve/CVE-2024-42276"
},
{
"category": "external",
"summary": "SUSE Bug 1229410 for CVE-2024-42276",
"url": "https://bugzilla.suse.com/1229410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42276"
},
{
"cve": "CVE-2024-42277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom-\u003esdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42277",
"url": "https://www.suse.com/security/cve/CVE-2024-42277"
},
{
"category": "external",
"summary": "SUSE Bug 1229409 for CVE-2024-42277",
"url": "https://bugzilla.suse.com/1229409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42277"
},
{
"cve": "CVE-2024-42280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix a use after free in hfcmulti_tx()\n\nDon\u0027t dereference *sp after calling dev_kfree_skb(*sp).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42280",
"url": "https://www.suse.com/security/cve/CVE-2024-42280"
},
{
"category": "external",
"summary": "SUSE Bug 1229388 for CVE-2024-42280",
"url": "https://bugzilla.suse.com/1229388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42280"
},
{
"cve": "CVE-2024-42281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42281",
"url": "https://www.suse.com/security/cve/CVE-2024-42281"
},
{
"category": "external",
"summary": "SUSE Bug 1229386 for CVE-2024-42281",
"url": "https://bugzilla.suse.com/1229386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42281"
},
{
"cve": "CVE-2024-42283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42283",
"url": "https://www.suse.com/security/cve/CVE-2024-42283"
},
{
"category": "external",
"summary": "SUSE Bug 1229383 for CVE-2024-42283",
"url": "https://bugzilla.suse.com/1229383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42283"
},
{
"cve": "CVE-2024-42284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42284",
"url": "https://www.suse.com/security/cve/CVE-2024-42284"
},
{
"category": "external",
"summary": "SUSE Bug 1229382 for CVE-2024-42284",
"url": "https://bugzilla.suse.com/1229382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42284"
},
{
"cve": "CVE-2024-42285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n conn_id-\u003ecm_id.iw = cm_id;\n cm_id-\u003econtext = conn_id;\n cm_id-\u003ecm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42285",
"url": "https://www.suse.com/security/cve/CVE-2024-42285"
},
{
"category": "external",
"summary": "SUSE Bug 1229381 for CVE-2024-42285",
"url": "https://bugzilla.suse.com/1229381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42285"
},
{
"cve": "CVE-2024-42286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42286",
"url": "https://www.suse.com/security/cve/CVE-2024-42286"
},
{
"category": "external",
"summary": "SUSE Bug 1229395 for CVE-2024-42286",
"url": "https://bugzilla.suse.com/1229395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42286"
},
{
"cve": "CVE-2024-42287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42287",
"url": "https://www.suse.com/security/cve/CVE-2024-42287"
},
{
"category": "external",
"summary": "SUSE Bug 1229392 for CVE-2024-42287",
"url": "https://bugzilla.suse.com/1229392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42287"
},
{
"cve": "CVE-2024-42288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42288",
"url": "https://www.suse.com/security/cve/CVE-2024-42288"
},
{
"category": "external",
"summary": "SUSE Bug 1229398 for CVE-2024-42288",
"url": "https://bugzilla.suse.com/1229398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42288"
},
{
"cve": "CVE-2024-42289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n ? qla2x00_status_entry+0x768/0x2830\n ? newidle_balance+0x2f0/0x430\n ? dequeue_entity+0x100/0x3c0\n ? qla24xx_process_response_queue+0x6a1/0x19e0\n ? __schedule+0x2d5/0x1140\n ? qla_do_work+0x47/0x60\n ? process_one_work+0x267/0x440\n ? process_one_work+0x440/0x440\n ? worker_thread+0x2d/0x3d0\n ? process_one_work+0x440/0x440\n ? kthread+0x156/0x180\n ? set_kthread_struct+0x50/0x50\n ? ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nSend out async logout explicitly for all the ports during vport delete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42289",
"url": "https://www.suse.com/security/cve/CVE-2024-42289"
},
{
"category": "external",
"summary": "SUSE Bug 1229399 for CVE-2024-42289",
"url": "https://bugzilla.suse.com/1229399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42289"
},
{
"cve": "CVE-2024-42291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42291",
"url": "https://www.suse.com/security/cve/CVE-2024-42291"
},
{
"category": "external",
"summary": "SUSE Bug 1229374 for CVE-2024-42291",
"url": "https://bugzilla.suse.com/1229374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42291"
},
{
"cve": "CVE-2024-42292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42292",
"url": "https://www.suse.com/security/cve/CVE-2024-42292"
},
{
"category": "external",
"summary": "SUSE Bug 1229373 for CVE-2024-42292",
"url": "https://bugzilla.suse.com/1229373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42292"
},
{
"cve": "CVE-2024-42295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42295",
"url": "https://www.suse.com/security/cve/CVE-2024-42295"
},
{
"category": "external",
"summary": "SUSE Bug 1229370 for CVE-2024-42295",
"url": "https://bugzilla.suse.com/1229370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42295"
},
{
"cve": "CVE-2024-42301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42301",
"url": "https://www.suse.com/security/cve/CVE-2024-42301"
},
{
"category": "external",
"summary": "SUSE Bug 1229407 for CVE-2024-42301",
"url": "https://bugzilla.suse.com/1229407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42301"
},
{
"cve": "CVE-2024-42302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42302",
"url": "https://www.suse.com/security/cve/CVE-2024-42302"
},
{
"category": "external",
"summary": "SUSE Bug 1229366 for CVE-2024-42302",
"url": "https://bugzilla.suse.com/1229366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42302"
},
{
"cve": "CVE-2024-42308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42308"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42308",
"url": "https://www.suse.com/security/cve/CVE-2024-42308"
},
{
"category": "external",
"summary": "SUSE Bug 1229411 for CVE-2024-42308",
"url": "https://bugzilla.suse.com/1229411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42308"
},
{
"cve": "CVE-2024-42309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42309",
"url": "https://www.suse.com/security/cve/CVE-2024-42309"
},
{
"category": "external",
"summary": "SUSE Bug 1229359 for CVE-2024-42309",
"url": "https://bugzilla.suse.com/1229359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42309"
},
{
"cve": "CVE-2024-42310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42310",
"url": "https://www.suse.com/security/cve/CVE-2024-42310"
},
{
"category": "external",
"summary": "SUSE Bug 1229358 for CVE-2024-42310",
"url": "https://bugzilla.suse.com/1229358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42310"
},
{
"cve": "CVE-2024-42311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42311",
"url": "https://www.suse.com/security/cve/CVE-2024-42311"
},
{
"category": "external",
"summary": "SUSE Bug 1229413 for CVE-2024-42311",
"url": "https://bugzilla.suse.com/1229413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42311"
},
{
"cve": "CVE-2024-42312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42312",
"url": "https://www.suse.com/security/cve/CVE-2024-42312"
},
{
"category": "external",
"summary": "SUSE Bug 1229357 for CVE-2024-42312",
"url": "https://bugzilla.suse.com/1229357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42312"
},
{
"cve": "CVE-2024-42313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42313",
"url": "https://www.suse.com/security/cve/CVE-2024-42313"
},
{
"category": "external",
"summary": "SUSE Bug 1229356 for CVE-2024-42313",
"url": "https://bugzilla.suse.com/1229356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42313"
},
{
"cve": "CVE-2024-42315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi-\u003es_lock between the two processes may occur.\n\n CPU0 CPU1\n ---- ----\n kswapd\n balance_pgdat\n lock(fs_reclaim)\n exfat_iterate\n lock(\u0026sbi-\u003es_lock)\n exfat_readdir\n exfat_get_uniname_from_ext_entry\n exfat_get_dentry_set\n __exfat_get_dentry_set\n kmalloc_array\n ...\n lock(fs_reclaim)\n ...\n evict\n exfat_evict_inode\n lock(\u0026sbi-\u003es_lock)\n\nTo fix this, let\u0027s allocate bh-array with GFP_NOFS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42315",
"url": "https://www.suse.com/security/cve/CVE-2024-42315"
},
{
"category": "external",
"summary": "SUSE Bug 1229354 for CVE-2024-42315",
"url": "https://bugzilla.suse.com/1229354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42315"
},
{
"cve": "CVE-2024-42318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don\u0027t lose track of restrictions on cred_transfer\n\nWhen a process\u0027 cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent\u0027s credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42318",
"url": "https://www.suse.com/security/cve/CVE-2024-42318"
},
{
"category": "external",
"summary": "SUSE Bug 1229351 for CVE-2024-42318",
"url": "https://bugzilla.suse.com/1229351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42318"
},
{
"cve": "CVE-2024-42319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() \u003c 0 occurs.\n\nAccording to the call tracei below:\n cmdq_mbox_shutdown\n mbox_free_channel\n mbox_controller_unregister\n __devm_mbox_controller_unregister\n ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n to bind the cmdq device to the mbox_controller, so\n devm_mbox_controller_unregister() will automatically unregister\n the device bound to the mailbox controller when the device-managed\n resource is removed. That means devm_mbox_controller_unregister()\n and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n will be called after cmdq_remove(), but before\n devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42319",
"url": "https://www.suse.com/security/cve/CVE-2024-42319"
},
{
"category": "external",
"summary": "SUSE Bug 1229350 for CVE-2024-42319",
"url": "https://bugzilla.suse.com/1229350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42319"
},
{
"cve": "CVE-2024-42320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42320"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42320",
"url": "https://www.suse.com/security/cve/CVE-2024-42320"
},
{
"category": "external",
"summary": "SUSE Bug 1229349 for CVE-2024-42320",
"url": "https://bugzilla.suse.com/1229349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42320"
},
{
"cve": "CVE-2024-42322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42322",
"url": "https://www.suse.com/security/cve/CVE-2024-42322"
},
{
"category": "external",
"summary": "SUSE Bug 1229347 for CVE-2024-42322",
"url": "https://bugzilla.suse.com/1229347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-42322"
},
{
"cve": "CVE-2024-43816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl-\u003esge_len) is\nreferencing a little endian formatted sgl-\u003esge_len value. So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure. And, update the\nroutine with proper le32_to_cpu macro usages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43816",
"url": "https://www.suse.com/security/cve/CVE-2024-43816"
},
{
"category": "external",
"summary": "SUSE Bug 1229318 for CVE-2024-43816",
"url": "https://bugzilla.suse.com/1229318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43816"
},
{
"cve": "CVE-2024-43818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn\u0027t perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43818",
"url": "https://www.suse.com/security/cve/CVE-2024-43818"
},
{
"category": "external",
"summary": "SUSE Bug 1229296 for CVE-2024-43818",
"url": "https://bugzilla.suse.com/1229296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43818"
},
{
"cve": "CVE-2024-43819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm-\u003earch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43819",
"url": "https://www.suse.com/security/cve/CVE-2024-43819"
},
{
"category": "external",
"summary": "SUSE Bug 1229290 for CVE-2024-43819",
"url": "https://bugzilla.suse.com/1229290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43819"
},
{
"cve": "CVE-2024-43821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43821",
"url": "https://www.suse.com/security/cve/CVE-2024-43821"
},
{
"category": "external",
"summary": "SUSE Bug 1229315 for CVE-2024-43821",
"url": "https://bugzilla.suse.com/1229315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43821"
},
{
"cve": "CVE-2024-43823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43823",
"url": "https://www.suse.com/security/cve/CVE-2024-43823"
},
{
"category": "external",
"summary": "SUSE Bug 1229303 for CVE-2024-43823",
"url": "https://bugzilla.suse.com/1229303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43823"
},
{
"cve": "CVE-2024-43829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43829",
"url": "https://www.suse.com/security/cve/CVE-2024-43829"
},
{
"category": "external",
"summary": "SUSE Bug 1229341 for CVE-2024-43829",
"url": "https://bugzilla.suse.com/1229341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43829"
},
{
"cve": "CVE-2024-43830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43830",
"url": "https://www.suse.com/security/cve/CVE-2024-43830"
},
{
"category": "external",
"summary": "SUSE Bug 1229305 for CVE-2024-43830",
"url": "https://bugzilla.suse.com/1229305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43830"
},
{
"cve": "CVE-2024-43831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43831",
"url": "https://www.suse.com/security/cve/CVE-2024-43831"
},
{
"category": "external",
"summary": "SUSE Bug 1229309 for CVE-2024-43831",
"url": "https://bugzilla.suse.com/1229309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43831"
},
{
"cve": "CVE-2024-43834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43834",
"url": "https://www.suse.com/security/cve/CVE-2024-43834"
},
{
"category": "external",
"summary": "SUSE Bug 1229314 for CVE-2024-43834",
"url": "https://bugzilla.suse.com/1229314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43834"
},
{
"cve": "CVE-2024-43837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr-\u003eattach_prog_fd`,\nthe `prog-\u003eaux-\u003edst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 8.108262] Mem abort info:\n[ 8.108384] ESR = 0x0000000096000004\n[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 8.108722] SET = 0, FnV = 0\n[ 8.108827] EA = 0, S1PTW = 0\n[ 8.108939] FSC = 0x04: level 0 translation fault\n[ 8.109102] Data abort info:\n[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 8.112783] Modules linked in:\n[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[ 8.113230] Hardware name: linux,dummy-virt (DT)\n[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[ 8.113798] sp : ffff80008283b9f0\n[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[ 8.114126] Call trace:\n[ 8.114159] may_access_direct_pkt_data+0x24/0xa0\n[ 8.114202] bpf_check+0x3bc/0x28c0\n[ 8.114214] bpf_prog_load+0x658/0xa58\n[ 8.114227] __sys_bpf+0xc50/0x2250\n[ 8.114240] __arm64_sys_bpf+0x28/0x40\n[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0\n[ 8.114273] do_el0_svc+0x4c/0xd8\n[ 8.114289] el0_svc+0x3c/0x140\n[ 8.114305] el0t_64_sync_handler+0x134/0x150\n[ 8.114331] el0t_64_sync+0x168/0x170\n[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[ 8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 (\"bpf: Resolve to\nprog-\u003eaux-\u003edst_prog-\u003etype only for BPF_PROG_TYPE_EXT\") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n prog-\u003eaux-\u003edst_prog ? prog-\u003eaux-\u003edst_prog-\u003etype : prog-\u003etype;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog-\u003etype` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43837",
"url": "https://www.suse.com/security/cve/CVE-2024-43837"
},
{
"category": "external",
"summary": "SUSE Bug 1229297 for CVE-2024-43837",
"url": "https://bugzilla.suse.com/1229297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43837"
},
{
"cve": "CVE-2024-43839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n\u0027name\u0027 size is 16, but the first \u0027%s\u0027 specifier may already need at\nleast 16 characters, since \u0027bnad-\u003enetdev-\u003ename\u0027 is used there.\n\nFor \u0027%d\u0027 specifiers, assume that they require:\n * 1 char for \u0027tx_id + tx_info-\u003etcb[i]-\u003eid\u0027 sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for \u0027rx_id + rx_info-\u003erx_ctrl[i].ccb-\u003eid\u0027, BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43839",
"url": "https://www.suse.com/security/cve/CVE-2024-43839"
},
{
"category": "external",
"summary": "SUSE Bug 1229301 for CVE-2024-43839",
"url": "https://bugzilla.suse.com/1229301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43839"
},
{
"cve": "CVE-2024-43841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won\u0027t be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43841",
"url": "https://www.suse.com/security/cve/CVE-2024-43841"
},
{
"category": "external",
"summary": "SUSE Bug 1229304 for CVE-2024-43841",
"url": "https://bugzilla.suse.com/1229304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43841"
},
{
"cve": "CVE-2024-43842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \u0027status-\u003ehe_gi\u0027 is compared to array size.\nBut then \u0027rate-\u003ehe_gi\u0027 is used as array index instead of \u0027status-\u003ehe_gi\u0027.\nThis can lead to go beyond array boundaries in case of \u0027rate-\u003ehe_gi\u0027 is\nnot equal to \u0027status-\u003ehe_gi\u0027 and is bigger than array size. Looks like\n\"copy-paste\" mistake.\n\nFix this mistake by replacing \u0027rate-\u003ehe_gi\u0027 with \u0027status-\u003ehe_gi\u0027.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43842",
"url": "https://www.suse.com/security/cve/CVE-2024-43842"
},
{
"category": "external",
"summary": "SUSE Bug 1229317 for CVE-2024-43842",
"url": "https://bugzilla.suse.com/1229317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43842"
},
{
"cve": "CVE-2024-43846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43846",
"url": "https://www.suse.com/security/cve/CVE-2024-43846"
},
{
"category": "external",
"summary": "SUSE Bug 1229360 for CVE-2024-43846",
"url": "https://bugzilla.suse.com/1229360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43846"
},
{
"cve": "CVE-2024-43849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr-\u003elock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43849",
"url": "https://www.suse.com/security/cve/CVE-2024-43849"
},
{
"category": "external",
"summary": "SUSE Bug 1229307 for CVE-2024-43849",
"url": "https://bugzilla.suse.com/1229307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43849"
},
{
"cve": "CVE-2024-43853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/\u003cpid\u003e/cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/\u003cpid\u003e/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css-\u003ecgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(\u0026cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to \u0026cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n\u0026cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to \u0026cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp-\u003eroot will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss-\u003ecgroup won\u0027t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43853",
"url": "https://www.suse.com/security/cve/CVE-2024-43853"
},
{
"category": "external",
"summary": "SUSE Bug 1229292 for CVE-2024-43853",
"url": "https://bugzilla.suse.com/1229292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43853"
},
{
"cve": "CVE-2024-43854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43854",
"url": "https://www.suse.com/security/cve/CVE-2024-43854"
},
{
"category": "external",
"summary": "SUSE Bug 1229345 for CVE-2024-43854",
"url": "https://bugzilla.suse.com/1229345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43854"
},
{
"cve": "CVE-2024-43856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43856",
"url": "https://www.suse.com/security/cve/CVE-2024-43856"
},
{
"category": "external",
"summary": "SUSE Bug 1229346 for CVE-2024-43856",
"url": "https://bugzilla.suse.com/1229346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43856"
},
{
"cve": "CVE-2024-43858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43858",
"url": "https://www.suse.com/security/cve/CVE-2024-43858"
},
{
"category": "external",
"summary": "SUSE Bug 1229414 for CVE-2024-43858",
"url": "https://bugzilla.suse.com/1229414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43858"
},
{
"cve": "CVE-2024-43860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 \u003c a \u003c nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43860",
"url": "https://www.suse.com/security/cve/CVE-2024-43860"
},
{
"category": "external",
"summary": "SUSE Bug 1229319 for CVE-2024-43860",
"url": "https://bugzilla.suse.com/1229319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43860"
},
{
"cve": "CVE-2024-43861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43861",
"url": "https://www.suse.com/security/cve/CVE-2024-43861"
},
{
"category": "external",
"summary": "SUSE Bug 1229500 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "external",
"summary": "SUSE Bug 1229553 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-43861"
},
{
"cve": "CVE-2024-43863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn\u0027t remove\nthe fence from the pending list, and thus doesn\u0027t require a lock to\nfix poll-\u003efence wait-\u003efence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it\u0027s been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it\u0027s held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43863",
"url": "https://www.suse.com/security/cve/CVE-2024-43863"
},
{
"category": "external",
"summary": "SUSE Bug 1229497 for CVE-2024-43863",
"url": "https://bugzilla.suse.com/1229497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43863"
},
{
"cve": "CVE-2024-43866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43866",
"url": "https://www.suse.com/security/cve/CVE-2024-43866"
},
{
"category": "external",
"summary": "SUSE Bug 1229495 for CVE-2024-43866",
"url": "https://bugzilla.suse.com/1229495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43866"
},
{
"cve": "CVE-2024-43867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43867",
"url": "https://www.suse.com/security/cve/CVE-2024-43867"
},
{
"category": "external",
"summary": "SUSE Bug 1229493 for CVE-2024-43867",
"url": "https://bugzilla.suse.com/1229493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43867"
},
{
"cve": "CVE-2024-43871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43871",
"url": "https://www.suse.com/security/cve/CVE-2024-43871"
},
{
"category": "external",
"summary": "SUSE Bug 1229490 for CVE-2024-43871",
"url": "https://bugzilla.suse.com/1229490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-43872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43872",
"url": "https://www.suse.com/security/cve/CVE-2024-43872"
},
{
"category": "external",
"summary": "SUSE Bug 1229489 for CVE-2024-43872",
"url": "https://bugzilla.suse.com/1229489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43872"
},
{
"cve": "CVE-2024-43873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n created. Thus if features are never set, it will be\n read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n then seqpacket_allow will not be cleared appropriately\n (existing apps I know about don\u0027t usually do this but\n it\u0027s legal and there\u0027s no way to be sure no one relies\n on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43873",
"url": "https://www.suse.com/security/cve/CVE-2024-43873"
},
{
"category": "external",
"summary": "SUSE Bug 1229488 for CVE-2024-43873",
"url": "https://bugzilla.suse.com/1229488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43873"
},
{
"cve": "CVE-2024-43879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43879",
"url": "https://www.suse.com/security/cve/CVE-2024-43879"
},
{
"category": "external",
"summary": "SUSE Bug 1229482 for CVE-2024-43879",
"url": "https://bugzilla.suse.com/1229482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43879"
},
{
"cve": "CVE-2024-43880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the \"objagg\" library to perform the mask aggregation by\npassing it objects that consist of the filter\u0027s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set (\"hints\") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -\u003e H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -\u003e H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n \u003cTASK\u003e\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43880",
"url": "https://www.suse.com/security/cve/CVE-2024-43880"
},
{
"category": "external",
"summary": "SUSE Bug 1229481 for CVE-2024-43880",
"url": "https://bugzilla.suse.com/1229481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43880"
},
{
"cve": "CVE-2024-43882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\u0027s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug 7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug 7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43882",
"url": "https://www.suse.com/security/cve/CVE-2024-43882"
},
{
"category": "external",
"summary": "SUSE Bug 1229503 for CVE-2024-43882",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "external",
"summary": "SUSE Bug 1229504 for CVE-2024-43882",
"url": "https://bugzilla.suse.com/1229504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-43882"
},
{
"cve": "CVE-2024-43883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43883",
"url": "https://www.suse.com/security/cve/CVE-2024-43883"
},
{
"category": "external",
"summary": "SUSE Bug 1229707 for CVE-2024-43883",
"url": "https://bugzilla.suse.com/1229707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43883"
},
{
"cve": "CVE-2024-43884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43884",
"url": "https://www.suse.com/security/cve/CVE-2024-43884"
},
{
"category": "external",
"summary": "SUSE Bug 1229739 for CVE-2024-43884",
"url": "https://bugzilla.suse.com/1229739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43884"
},
{
"cve": "CVE-2024-43889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n [ 10.017908] Workqueue: events_unbound padata_mt_helper\n [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n :\n [ 10.017963] Call Trace:\n [ 10.017968] \u003cTASK\u003e\n [ 10.018004] ? padata_mt_helper+0x39/0xb0\n [ 10.018084] process_one_work+0x174/0x330\n [ 10.018093] worker_thread+0x266/0x3a0\n [ 10.018111] kthread+0xcf/0x100\n [ 10.018124] ret_from_fork+0x31/0x50\n [ 10.018138] ret_from_fork_asm+0x1a/0x30\n [ 10.018147] \u003c/TASK\u003e\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps-\u003echunk_size is 0. The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43889",
"url": "https://www.suse.com/security/cve/CVE-2024-43889"
},
{
"category": "external",
"summary": "SUSE Bug 1229743 for CVE-2024-43889",
"url": "https://bugzilla.suse.com/1229743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43889"
},
{
"cve": "CVE-2024-43892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 (\"mm: memcontrol: fix cgroup creation failure after\nmany small jobs\") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures. It introduced IDR to maintain the memcg ID\nspace. The IDR depends on external synchronization mechanisms for\nmodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications. However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero. Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time. These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode. Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\u0027s list_lru didn\u0027t have list_lru_one for the\nmemcg of that object. The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success. No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\u0027s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them. So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove(). These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them. Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43892",
"url": "https://www.suse.com/security/cve/CVE-2024-43892"
},
{
"category": "external",
"summary": "SUSE Bug 1229761 for CVE-2024-43892",
"url": "https://bugzilla.suse.com/1229761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43892"
},
{
"cve": "CVE-2024-43893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43893"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000 PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n \u003cTASK\u003e\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43893",
"url": "https://www.suse.com/security/cve/CVE-2024-43893"
},
{
"category": "external",
"summary": "SUSE Bug 1229759 for CVE-2024-43893",
"url": "https://bugzilla.suse.com/1229759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43893"
},
{
"cve": "CVE-2024-43894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset-\u003emode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43894",
"url": "https://www.suse.com/security/cve/CVE-2024-43894"
},
{
"category": "external",
"summary": "SUSE Bug 1229746 for CVE-2024-43894",
"url": "https://bugzilla.suse.com/1229746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43894"
},
{
"cve": "CVE-2024-43895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 \u003c48\u003e 8\u003e\n RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n Call Trace:\n\u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43895",
"url": "https://www.suse.com/security/cve/CVE-2024-43895"
},
{
"category": "external",
"summary": "SUSE Bug 1229755 for CVE-2024-43895",
"url": "https://bugzilla.suse.com/1229755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43895"
},
{
"cve": "CVE-2024-43899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 181.843997] #PF: supervisor instruction fetch in kernel mode\n[ 181.844003] #PF: error_code(0x0010) - not-present page\n[ 181.844009] PGD 0 P4D 0\n[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[ 181.844044] RIP: 0010:0x0\n[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[ 181.844141] Call Trace:\n[ 181.844146] \u003cTASK\u003e\n[ 181.844153] ? show_regs+0x6d/0x80\n[ 181.844167] ? __die+0x24/0x80\n[ 181.844179] ? page_fault_oops+0x99/0x1b0\n[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0\n[ 181.844204] ? exc_page_fault+0x83/0x1b0\n[ 181.844216] ? asm_exc_page_fault+0x27/0x30\n[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43899",
"url": "https://www.suse.com/security/cve/CVE-2024-43899"
},
{
"category": "external",
"summary": "SUSE Bug 1229754 for CVE-2024-43899",
"url": "https://bugzilla.suse.com/1229754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43899"
},
{
"cve": "CVE-2024-43900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504 worker_thread\ntuner_probe \u003c= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait \u003c= create a worker\n...\ntuner_remove \u003c= free dvb_frontend\n...\n request_firmware_work_func \u003c= the firmware is ready\n load_firmware_cb \u003c= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n ==================================================================\n BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n Call trace:\n load_firmware_cb+0x1310/0x17a0\n request_firmware_work_func+0x128/0x220\n process_one_work+0x770/0x1824\n worker_thread+0x488/0xea0\n kthread+0x300/0x430\n ret_from_fork+0x10/0x20\n\n Allocated by task 6504:\n kzalloc\n tuner_probe+0xb0/0x1430\n i2c_device_probe+0x92c/0xaf0\n really_probe+0x678/0xcd0\n driver_probe_device+0x280/0x370\n __device_attach_driver+0x220/0x330\n bus_for_each_drv+0x134/0x1c0\n __device_attach+0x1f4/0x410\n device_initial_probe+0x20/0x30\n bus_probe_device+0x184/0x200\n device_add+0x924/0x12c0\n device_register+0x24/0x30\n i2c_new_device+0x4e0/0xc44\n v4l2_i2c_new_subdev_board+0xbc/0x290\n v4l2_i2c_new_subdev+0xc8/0x104\n em28xx_v4l2_init+0x1dd0/0x3770\n\n Freed by task 6504:\n kfree+0x238/0x4e4\n tuner_remove+0x144/0x1c0\n i2c_device_remove+0xc8/0x290\n __device_release_driver+0x314/0x5fc\n device_release_driver+0x30/0x44\n bus_remove_device+0x244/0x490\n device_del+0x350/0x900\n device_unregister+0x28/0xd0\n i2c_unregister_device+0x174/0x1d0\n v4l2_device_unregister+0x224/0x380\n em28xx_v4l2_init+0x1d90/0x3770\n\n The buggy address belongs to the object at ffff8000d7ca2000\n which belongs to the cache kmalloc-2k of size 2048\n The buggy address is located 776 bytes inside of\n 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n The buggy address belongs to the page:\n page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n flags: 0x7ff800000000100(slab)\n raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\n[2]\n Actually, it is allocated for struct tuner, and dvb_frontend is inside.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43900",
"url": "https://www.suse.com/security/cve/CVE-2024-43900"
},
{
"category": "external",
"summary": "SUSE Bug 1229756 for CVE-2024-43900",
"url": "https://bugzilla.suse.com/1229756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43900"
},
{
"cve": "CVE-2024-43902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43902",
"url": "https://www.suse.com/security/cve/CVE-2024-43902"
},
{
"category": "external",
"summary": "SUSE Bug 1229767 for CVE-2024-43902",
"url": "https://bugzilla.suse.com/1229767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43902"
},
{
"cve": "CVE-2024-43903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43903"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43903",
"url": "https://www.suse.com/security/cve/CVE-2024-43903"
},
{
"category": "external",
"summary": "SUSE Bug 1229781 for CVE-2024-43903",
"url": "https://bugzilla.suse.com/1229781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43903"
},
{
"cve": "CVE-2024-43904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for \u0027stream\u0027 and \u0027plane\u0027 before dereferencing\n\nThis commit adds null checks for the \u0027stream\u0027 and \u0027plane\u0027 variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that \u0027stream\u0027 and \u0027plane\u0027 are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed \u0027stream\u0027 could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed \u0027plane\u0027 could be null (see line 922)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43904",
"url": "https://www.suse.com/security/cve/CVE-2024-43904"
},
{
"category": "external",
"summary": "SUSE Bug 1229768 for CVE-2024-43904",
"url": "https://bugzilla.suse.com/1229768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43904"
},
{
"cve": "CVE-2024-43905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43905",
"url": "https://www.suse.com/security/cve/CVE-2024-43905"
},
{
"category": "external",
"summary": "SUSE Bug 1229784 for CVE-2024-43905",
"url": "https://bugzilla.suse.com/1229784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43905"
},
{
"cve": "CVE-2024-43907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43907",
"url": "https://www.suse.com/security/cve/CVE-2024-43907"
},
{
"category": "external",
"summary": "SUSE Bug 1229787 for CVE-2024-43907",
"url": "https://bugzilla.suse.com/1229787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43907"
},
{
"cve": "CVE-2024-43908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43908",
"url": "https://www.suse.com/security/cve/CVE-2024-43908"
},
{
"category": "external",
"summary": "SUSE Bug 1229788 for CVE-2024-43908",
"url": "https://bugzilla.suse.com/1229788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43908"
},
{
"cve": "CVE-2024-43909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr-\u003ebackend)\nto function smu7_update_edc_leakage_table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43909",
"url": "https://www.suse.com/security/cve/CVE-2024-43909"
},
{
"category": "external",
"summary": "SUSE Bug 1229789 for CVE-2024-43909",
"url": "https://bugzilla.suse.com/1229789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43909"
},
{
"cve": "CVE-2024-44938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44938",
"url": "https://www.suse.com/security/cve/CVE-2024-44938"
},
{
"category": "external",
"summary": "SUSE Bug 1229792 for CVE-2024-44938",
"url": "https://bugzilla.suse.com/1229792"
},
{
"category": "external",
"summary": "SUSE Bug 1229793 for CVE-2024-44938",
"url": "https://bugzilla.suse.com/1229793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "important"
}
],
"title": "CVE-2024-44938"
},
{
"cve": "CVE-2024-44939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p-\u003eheader.flag will be cleared. This will cause the\npreviously true judgment \"p-\u003eheader.flag \u0026 BT-LEAF\" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44939",
"url": "https://www.suse.com/security/cve/CVE-2024-44939"
},
{
"category": "external",
"summary": "SUSE Bug 1229820 for CVE-2024-44939",
"url": "https://bugzilla.suse.com/1229820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-44939"
},
{
"cve": "CVE-2024-44947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44947",
"url": "https://www.suse.com/security/cve/CVE-2024-44947"
},
{
"category": "external",
"summary": "SUSE Bug 1229456 for CVE-2024-44947",
"url": "https://bugzilla.suse.com/1229456"
},
{
"category": "external",
"summary": "SUSE Bug 1230098 for CVE-2024-44947",
"url": "https://bugzilla.suse.com/1230098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:cluster-md-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:dlm-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:gfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-extra-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-livepatch-devel-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-azure-optional-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-azure-vdso-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kernel-devel-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-source-azure-5.14.21-150500.33.66.1.noarch",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kernel-syms-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:kselftests-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:ocfs2-kmp-azure-5.14.21-150500.33.66.1.x86_64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.aarch64",
"openSUSE Leap 15.5:reiserfs-kmp-azure-5.14.21-150500.33.66.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T08:46:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-44947"
}
]
}
SUSE-SU-2024:3483-1
Vulnerability from csaf_suse - Published: 2024-09-27 15:11 - Updated: 2024-09-27 15:11Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42308: Update DRM patch reference (bsc#1229411)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- Indicate support for the Generic Event Device thru _OSC (git-fixes).
- Rework system-level device notification handling (git-fixes).
- Drop nocrt parameter (git-fixes).
- x86: s2 Post-increment variables when getting constraints (git-fixes).
- Do not cross .backup mountpoint from backup volume (git-fixes).
- Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- line6: Fix racy access to midibuf (stable-fixes).
- Relax start tick time check for slave timer elements (git-fixes).
- Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- Re-add ScratchAmp quirk entries (git-fixes).
- Support Yamaha P-125 quirk entry (stable-fixes).
- Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: Restore spec_bar() macro (git-fixes)
- arm64: Add missing .field_width for GIC system registers (git-fixes)
- arm64: Fix the visibility of compat hwcaps (git-fixes)
- arm64: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: Add Cortex-A720 definitions (git-fixes)
- arm64: Add Cortex-A725 definitions (git-fixes)
- arm64: Add Cortex-X1C definitions (git-fixes)
- arm64: Add Cortex-X3 definitions (git-fixes)
- arm64: Add Cortex-X4 definitions (git-fixes)
- arm64: Add Cortex-X925 definitions (git-fixes)
- arm64: Add Neoverse-V3 definitions (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: Expand speculative SSBS workaround (git-fixes)
- arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- wcd938 Correct Soundwire ports mask (git-fixes).
- wsa881 Correct Soundwire ports mask (git-fixes).
- fix irq scheduling issue with PREEMPT_RT (git-fixes).
- Introduce async_schedule_dev_nocall() (bsc#1221269).
- Split async_schedule_node_domain() (bsc#1221269).
- Fix usage of __hci_cmd_sync_status (git-fixes).
- hci_ Fix not handling hibernation actions (git-fixes).
- l2 always unlock channel in l2cap_conless_channel() (git-fixes).
- L2 Fix deadlock (git-fixes).
- Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- remove unused declaring of bpf_kprobe_override (git-fixes).
- fix leak of qgroup extent records after transaction abort (git-fixes).
- make btrfs_destroy_delayed_refs() return void (git-fixes).
- remove unnecessary prototype declarations at disk-io.c (git-fixes).
- update fs features directory asynchronously (bsc#1226168).
- propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- issue a cap release immediately if no cap exists (bsc#1225162).
- periodically flush the cap releases (bsc#1225162).
- Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes).
- Fix register ID of SPSR_FIQ (git-fixes).
- add missing MODULE_DESCRIPTION() macros (stable-fixes).
- Add labels for both Valve Steam Deck revisions (stable-fixes).
- Add quirk for Aya Neo KUN (stable-fixes).
- Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- Add quirk for Nanote UMPC-01 (stable-fixes).
- Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- avoid using null object of framebuffer (git-fixes).
- Fix && vs || typos (git-fixes).
- Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- Validate hw_points_num before using it (stable-fixes).
- Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- Actually check flags for all context ops (stable-fixes).
- Add lock around VF RLCG interface (stable-fixes).
- fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- Fix the null pointer dereference to ras_manager (stable-fixes).
- Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- Fix the null pointer dereference for smu7 (stable-fixes).
- Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- Fix the param type of set_power_profile_mode (stable-fixes).
- analogix_ properly handle zero sized AUX transactions (stable-fixes).
- tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes).
- set gp bus_stop bit before hard reset (stable-fixes).
- reset the link phy params before link training (git-fixes).
- cleanup FB if dpu_format_populate_layout fails (git-fixes).
- do not play tricks with debug macros (git-fixes).
- Zero-initialize iosys_map (stable-fixes).
- fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- redefine DIR_DELETED as the bad cluster number (git-fixes).
- support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453).
- Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- Add might_sleep() to disable_irq() (git-fixes).
- Always limit the affinity to online CPUs (git-fixes).
- Do not return error on missing optional irq_request_resources() (git-fixes).
- Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- Do not try to remove non-existing sysfs files (git-fixes).
- Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2 Improve handling of stuck alerts (git-fixes).
- i2 Send alert notifications to all devices if source not found (git-fixes).
- Convert comma to semicolon (git-fixes).
- ip6_ Fix broken GRO (bsc#1229444).
- ipv6: fix incorrect unregister order (git-fixes).
- Drop bogus fwspec-mapping error handling (git-fixes).
- Fix association race (git-fixes).
- Fix disassociation race (git-fixes).
- Fix domain registration race (git-fixes).
- Fix mapping-creation race (git-fixes).
- Fixed unbalanced fwnode get and put (git-fixes).
- Look for existing mapping only once (git-fixes).
- Refactor __irq_domain_alloc_irqs() (git-fixes).
- Report irq number for NOMAP domains (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes).
- Fix to check symbol prefixes correctly (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, fix infinite recursion due to RCU critical section (git-fixes).
- prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- dw_ allow biu and ciu clocks to defer (git-fixes).
- mmc_ Fix NULL dereference on allocation failure (git-fixes).
- ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- ks8851: Fix potential TX stall after interface reopen (git-fixes).
- ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- remove two BUG() from skb_checksum_help() (bsc#1229312).
- qmi_ fix memory leak for not ip packets (git-fixes).
- fix possible cp null dereference (git-fixes).
- initialize noop_qdisc owner (git-fixes).
- pn533: Add poll mod list filling check (git-fixes).
- expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- make the rpc_stat per net namespace (git-fixes).
- add posix ACLs to struct nfsd_attrs (git-fixes).
- add security label to struct nfsd_attrs (git-fixes).
- fix regression with setting ACLs (git-fixes).
- Fix strncpy() fortify warning (git-fixes).
- Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- introduce struct nfsd_attrs (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- Optimize DRC bucket pruning (git-fixes).
- return error if nfs4_setacl fails (git-fixes).
- set attributes when creating symlinks (git-fixes).
- use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_ scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86 Add support for ACPI based probing (jsc#PED-8779).
- platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86 Create static func to handle platdev (jsc#PED-8779).
- platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86 Move hsmp_test to probe (jsc#PED-8779).
- platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86 Restructure sysfs group creation (jsc#PED-8779).
- platform/x86 switch to use device_add_groups() (jsc#PED-8779).
- axp288_ Fix constant_charge_voltage writes (git-fixes).
- axp288_ Round constant_charge_voltage writes down (git-fixes).
- Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- Mark .opd section read-only (bsc#1194869).
- use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- xor_ Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_ fix cpus node update to FDT (bsc#1194869).
- make the update_cpus_node() function public (bsc#1194869).
- split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- Whitelist dtl slub object for copying to userspace (bsc#1194869).
- Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes).
- Fix incomplete state save in rxe_requester (git-fixes)
- Fix rxe_modify_srq (git-fixes)
- Handle zero length rdma (git-fixes)
- Move work queue code to subroutines (git-fixes)
- s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390 Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390 Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- Fix scldiv calculation (git-fixes).
- add a struct rpc_stats arg to rpc_create_args (git-fixes).
- Fix a race to wake a sync task (git-fixes).
- fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- add check for crypto_shash_tfm_digest (git-fixes).
- dbg_orphan_ Fix missed key type checking (git-fixes).
- Fix adding orphan entry twice for the same inode (git-fixes).
- Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- fix potential memory leak in vfio_intx_enable() (git-fixes).
- fix wgds rev 3 exact size (git-fixes).
- duplicate static structs used in driver instances (git-fixes).
- x86 drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86 Fix pti_clone_entry_text() for i386 (git-fixes).
- x86 Check if fixed MTRRs exist before saving them (git-fixes).
- x86 Work around false positive kmemleak report in msr_build_context() (git-fixes).
- Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- Fix rpcrdma_reqs_reset() (git-fixes).
Patchnames
SUSE-2024-3483,SUSE-SLE-Micro-5.5-2024-3483,SUSE-SLE-Module-Basesystem-15-SP5-2024-3483,SUSE-SLE-Module-Development-Tools-15-SP5-2024-3483,SUSE-SLE-Module-Legacy-15-SP5-2024-3483,SUSE-SLE-Module-Live-Patching-15-SP5-2024-3483,SUSE-SLE-Product-HA-15-SP5-2024-3483,SUSE-SLE-Product-WE-15-SP5-2024-3483,openSUSE-Leap-Micro-5.5-2024-3483,openSUSE-SLE-15.5-2024-3483
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).