Vulnerability from csaf_suse
Published
2024-02-14 12:19
Modified
2024-02-14 12:19
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- 9p: missing chunk of 'fs/9p: Do not update file type when updating file attributes' (git-fixes).
- ACPICA: Avoid cache flush inside virtual machines (git-fixes).
- Fix build error in debug config
- GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1219022).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- UAPI: ndctl: Fix g++-unsupported initialisation in headers (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- acpi/nfit: Require opt-in for read-only label configurations (git-fixes).
- acpi/nfit: improve bounds checking for 'func' (git-fixes).
- affs: fix basic permission bits to actually work (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- asix: Add check for usbnet_get_endpoints (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1219445).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- configfs: fix a deadlock in configfs_symlink() (git-fixes).
- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- configfs: fix config_item refcnt leak in configfs_rmdir() (git-fixes).
- configfs: fix memleak in configfs_release_bin_file (git-fixes).
- configfs: new object reprsenting tree fragments (git-fixes).
- configfs: provide exclusion between IO and removals (git-fixes).
- configfs: stash the data we need into configfs_buffer at open time (git-fixes).
- ext4: Avoid freeing inodes on dirty list (bsc#1216989).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- fs/exofs: fix potential memory leak in mount option parsing (git-fixes).
- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (git-fixes).
- fs/fat/file.c: issue flush after the writeback of FAT (git-fixes).
- fs/file.c: initialize init_files.resize_wait (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (git-fixes).
- fs: ratelimit __find_get_block_slow() failure message (git-fixes).
- fs: warn about impending deprecation of mandatory locks (git-fixes).
- gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Do not call dlm after protocol is unmounted (git-fixes).
- gfs2: Do not set GFS2_RDF_UPTODATE when the lvb is updated (git-fixes).
- gfs2: Do not skip dlm unlock if glock had an lvb (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix lru_count going negative (git-fixes).
- gfs2: Fix marking bitmaps non-full (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).
- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).
- gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Special-case rindex for gfs2_grow (git-fixes).
- gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).
- gfs2: add validation checks for size of superblock (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).
- gfs2: check for live vs. read-only file system in gfs2_fitrim (git-fixes).
- gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (git-fixes).
- gfs2: fix use-after-free on transaction ail lists (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).
- gfs2: report 'already frozen/thawed' errors (git-fixes).
- gfs2: take jdata unstuff into account in do_grow (git-fixes).
- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache (git-fixes).
- gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).
- help_next should increase position index (git-fixes).
- iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).
- kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).
- kernfs: bring names in comments in line with code (git-fixes).
- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- libceph: use kernel_connect() (bsc#1219446).
- libnvdimm/btt: Fix LBA masking during 'free list' population (git-fixes).
- libnvdimm/btt: Fix a kmemdup failure check (git-fixes).
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init (git-fixes).
- libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).
- libnvdimm/namespace: Fix a potential NULL pointer dereference (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/pmem: Delete include of nd-core.h (git-fixes).
- libnvdimm/pmem: fix a possible OOB access when read and write pmem (git-fixes).
- libnvdimm/region: Fix label activation vs errors (git-fixes).
- libnvdimm: Fix compilation warnings with W=1 (git-fixes).
- libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).
- libnvdimm: Validate command family indices (git-fixes).
- libnvdimm: cover up changes in struct nvdimm_bus_descriptor (git-fixes).
- locks: print a warning when mount fails due to lack of 'mand' support (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).
- mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG (git-fixes).
- mlxsw: spectrum: Set LAG port collector only when active (git-fixes).
- mm,mremap: bail out earlier in mremap_to under map pressure (bsc#1123986).
- net: (cpts) fix a missing check of clk_prepare (git-fixes).
- net: dsa: bcm_sf2: Propagate error value from mdio_write (git-fixes).
- net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 (git-fixes).
- net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 (git-fixed).
- net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).
- net: ethernet: ti: fix possible object reference leak (git-fixes).
- net: fec: Do not use netdev messages too early (git-fixes).
- net: ks8851: Delay requesting IRQ until opened (git-fixes).
- net: ks8851: Reassert reset pin if chip ID check fails (git-fixes).
- net: ks8851: Set initial carrier state to down (git-fixes).
- net: macb: Add null check for PCLK and HCLK (git-fixed).
- net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).
- net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).
- net: phylink: avoid resolving link state too early (git-fixes).
- net: sfp: do not probe SFP module before we're attached (git-fixes).
- net: stmmac: Disable EEE mode earlier in XMIT callback (git-fixes).
- net: stmmac: Fallback to Platform Data clock in Watchdog conversion (git-fixes).
- net: stmmac: do not overwrite discard_frame status (git-fixes).
- net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (git-fixes).
- net: stmmac: dwmac1000: Clear unused address entries (git-fixed).
- net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting (git-fixes).
- net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).
- net: systemport: Fix reception of BPDUs (git-fixes).
- net: xilinx: fix possible object reference leak (git-fixed).
- nfs: NFS 4.0 LOCK calls getting constant NFS4ERR_BAD_SEQID (bsc#1218968).
- nfsd: drop st_mutex and rp_mutex before calling move_to_close_lru() (bsc#1217525).
- nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: fix orangefs df output (git-fixes).
- orangefs: rate limit the client not running info message (git-fixes).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/pseries/memhotplug: Quieten some DLPAR operations (bsc#1065729).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1065729).
- preserve KABI for struct plat_stmmacenet_data (git-fixes).
- preserve KABI for struct sfp_socket_ops (git-fixes).
- proc: fix /proc/*/map_files lookup (git-fixes).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
- pstore/ram: Run without kernel crash dump region (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- scsi: qedf: fc_rport_priv reference counting fixes (bsc#1212152).
- scsi: qla0xxx: Fix system crash due to bad pointer access (git-fixes).
- sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- veth: Fixing transmit return status for dropped packets (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- writeback: Export inode_io_list_del() (bsc#1216989).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).
- x86/build: Turn off -fcf-protection for realmode targets (git-fixes).
- x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).
- x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/mm: Add a x86_has_pat_wp() helper (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/pm: Fix false positive kmemleak report in msr_build_context() (git-fixes).
- x86/purgatory: Do not generate debug info for purgatory.ro (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- x86: Clear .brk area at early boot (git-fixes).
- x86: Fix __get_wchan() for !STACKTRACE (git-fixes).
- x86: Fix get_wchan() to support the ORC unwinder (git-fixes).
- x86: Mark stop_this_cpu() __noreturn (git-fixes).
- x86: Pin task-stack in __get_wchan() (git-fixes).
- x86: __always_inline __{rd,wr}msr() (git-fixes).
Patchnames
SUSE-2024-468,SUSE-SLE-RT-12-SP5-2024-468
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).\n- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).\n- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).\n- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).\n- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).\n- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).\n- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).\n- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).\n- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).\n\nThe following non-security bugs were fixed:\n\n- 9p: missing chunk of 'fs/9p: Do not update file type when updating file attributes' (git-fixes).\n- ACPICA: Avoid cache flush inside virtual machines (git-fixes).\n- Fix build error in debug config\n- GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads (git-fixes).\n- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1219022).\n- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).\n- UAPI: ndctl: Fix g++-unsupported initialisation in headers (git-fixes).\n- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).\n- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).\n- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).\n- USB: serial: option: fix FM101R-GL defines (git-fixes).\n- acpi/nfit: Require opt-in for read-only label configurations (git-fixes).\n- acpi/nfit: improve bounds checking for 'func' (git-fixes).\n- affs: fix basic permission bits to actually work (git-fixes).\n- aio: fix mremap after fork null-deref (git-fixes).\n- asix: Add check for usbnet_get_endpoints (git-fixes).\n- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1219445).\n- chardev: fix error handling in cdev_device_add() (git-fixes).\n- configfs: fix a deadlock in configfs_symlink() (git-fixes).\n- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).\n- configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n- configfs: fix config_item refcnt leak in configfs_rmdir() (git-fixes).\n- configfs: fix memleak in configfs_release_bin_file (git-fixes).\n- configfs: new object reprsenting tree fragments (git-fixes).\n- configfs: provide exclusion between IO and removals (git-fixes).\n- configfs: stash the data we need into configfs_buffer at open time (git-fixes).\n- ext4: Avoid freeing inodes on dirty list (bsc#1216989).\n- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).\n- fat: add ratelimit to fat*_ent_bread() (git-fixes).\n- fs/exofs: fix potential memory leak in mount option parsing (git-fixes).\n- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (git-fixes).\n- fs/fat/file.c: issue flush after the writeback of FAT (git-fixes).\n- fs/file.c: initialize init_files.resize_wait (git-fixes).\n- fs: do not audit the capability check in simple_xattr_list() (git-fixes).\n- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).\n- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (git-fixes).\n- fs: ratelimit __find_get_block_slow() failure message (git-fixes).\n- fs: warn about impending deprecation of mandatory locks (git-fixes).\n- gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).\n- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).\n- gfs2: Do not call dlm after protocol is unmounted (git-fixes).\n- gfs2: Do not set GFS2_RDF_UPTODATE when the lvb is updated (git-fixes).\n- gfs2: Do not skip dlm unlock if glock had an lvb (git-fixes).\n- gfs2: Fix inode height consistency check (git-fixes).\n- gfs2: Fix lru_count going negative (git-fixes).\n- gfs2: Fix marking bitmaps non-full (git-fixes).\n- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).\n- gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).\n- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).\n- gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (git-fixes).\n- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).\n- gfs2: Special-case rindex for gfs2_grow (git-fixes).\n- gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).\n- gfs2: add validation checks for size of superblock (git-fixes).\n- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).\n- gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).\n- gfs2: check for live vs. read-only file system in gfs2_fitrim (git-fixes).\n- gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (git-fixes).\n- gfs2: fix use-after-free on transaction ail lists (git-fixes).\n- gfs2: ignore negated quota changes (git-fixes).\n- gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).\n- gfs2: report 'already frozen/thawed' errors (git-fixes).\n- gfs2: take jdata unstuff into account in do_grow (git-fixes).\n- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache (git-fixes).\n- gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).\n- help_next should increase position index (git-fixes).\n- iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).\n- kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).\n- kernfs: bring names in comments in line with code (git-fixes).\n- kernfs: fix use-after-free in __kernfs_remove (git-fixes).\n- libceph: use kernel_connect() (bsc#1219446).\n- libnvdimm/btt: Fix LBA masking during 'free list' population (git-fixes).\n- libnvdimm/btt: Fix a kmemdup failure check (git-fixes).\n- libnvdimm/btt: Remove unnecessary code in btt_freelist_init (git-fixes).\n- libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).\n- libnvdimm/namespace: Fix a potential NULL pointer dereference (git-fixes).\n- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).\n- libnvdimm/pmem: Delete include of nd-core.h (git-fixes).\n- libnvdimm/pmem: fix a possible OOB access when read and write pmem (git-fixes).\n- libnvdimm/region: Fix label activation vs errors (git-fixes).\n- libnvdimm: Fix compilation warnings with W=1 (git-fixes).\n- libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).\n- libnvdimm: Validate command family indices (git-fixes).\n- libnvdimm: cover up changes in struct nvdimm_bus_descriptor (git-fixes).\n- locks: print a warning when mount fails due to lack of 'mand' support (git-fixes).\n- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).\n- mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).\n- mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG (git-fixes).\n- mlxsw: spectrum: Set LAG port collector only when active (git-fixes).\n- mm,mremap: bail out earlier in mremap_to under map pressure (bsc#1123986).\n- net: (cpts) fix a missing check of clk_prepare (git-fixes).\n- net: dsa: bcm_sf2: Propagate error value from mdio_write (git-fixes).\n- net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 (git-fixes).\n- net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 (git-fixed).\n- net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).\n- net: ethernet: ti: fix possible object reference leak (git-fixes).\n- net: fec: Do not use netdev messages too early (git-fixes).\n- net: ks8851: Delay requesting IRQ until opened (git-fixes).\n- net: ks8851: Reassert reset pin if chip ID check fails (git-fixes).\n- net: ks8851: Set initial carrier state to down (git-fixes).\n- net: macb: Add null check for PCLK and HCLK (git-fixed).\n- net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).\n- net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).\n- net: phylink: avoid resolving link state too early (git-fixes).\n- net: sfp: do not probe SFP module before we're attached (git-fixes).\n- net: stmmac: Disable EEE mode earlier in XMIT callback (git-fixes).\n- net: stmmac: Fallback to Platform Data clock in Watchdog conversion (git-fixes).\n- net: stmmac: do not overwrite discard_frame status (git-fixes).\n- net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (git-fixes).\n- net: stmmac: dwmac1000: Clear unused address entries (git-fixed).\n- net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting (git-fixes).\n- net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).\n- net: systemport: Fix reception of BPDUs (git-fixes).\n- net: xilinx: fix possible object reference leak (git-fixed).\n- nfs: NFS 4.0 LOCK calls getting constant NFS4ERR_BAD_SEQID (bsc#1218968).\n- nfsd: drop st_mutex and rp_mutex before calling move_to_close_lru() (bsc#1217525).\n- nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).\n- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).\n- nvdimm: Fix badblocks clear off-by-one error (git-fixes).\n- nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).\n- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).\n- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).\n- orangefs: fix orangefs df output (git-fixes).\n- orangefs: rate limit the client not running info message (git-fixes).\n- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).\n- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).\n- powerpc/pseries/memhotplug: Quieten some DLPAR operations (bsc#1065729).\n- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).\n- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1065729).\n- preserve KABI for struct plat_stmmacenet_data (git-fixes).\n- preserve KABI for struct sfp_socket_ops (git-fixes).\n- proc: fix /proc/*/map_files lookup (git-fixes).\n- pstore/ram: Check start of empty przs during init (git-fixes).\n- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).\n- pstore/ram: Run without kernel crash dump region (git-fixes).\n- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).\n- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).\n- reiserfs: Check the return value from __getblk() (git-fixes).\n- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).\n- s390/dasd: fix double module refcount decrement (bsc#1141539).\n- scsi: qedf: fc_rport_priv reference counting fixes (bsc#1212152). \n- scsi: qla0xxx: Fix system crash due to bad pointer access (git-fixes).\n- sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).\n- statfs: enforce statfs[64] structure initialization (git-fixes).\n- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).\n- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).\n- veth: Fixing transmit return status for dropped packets (git-fixes).\n- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).\n- writeback: Export inode_io_list_del() (bsc#1216989). \n- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).\n- x86/alternatives: Sync core before enabling interrupts (git-fixes).\n- x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).\n- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).\n- x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).\n- x86/build: Turn off -fcf-protection for realmode targets (git-fixes).\n- x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).\n- x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).\n- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).\n- x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).\n- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).\n- x86/lib: Fix overflow when counting digits (git-fixes).\n- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).\n- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).\n- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).\n- x86/mm: Add a x86_has_pat_wp() helper (git-fixes).\n- x86/pat: Fix x86_has_pat_wp() (git-fixes).\n- x86/pat: Pass valid address to sanitize_phys() (git-fixes).\n- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).\n- x86/pm: Fix false positive kmemleak report in msr_build_context() (git-fixes).\n- x86/purgatory: Do not generate debug info for purgatory.ro (git-fixes).\n- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).\n- x86/topology: Fix duplicated core ID within a package (git-fixes).\n- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).\n- x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).\n- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).\n- x86: Clear .brk area at early boot (git-fixes).\n- x86: Fix __get_wchan() for !STACKTRACE (git-fixes).\n- x86: Fix get_wchan() to support the ORC unwinder (git-fixes).\n- x86: Mark stop_this_cpu() __noreturn (git-fixes).\n- x86: Pin task-stack in __get_wchan() (git-fixes).\n- x86: __always_inline __{rd,wr}msr() (git-fixes).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-468,SUSE-SLE-RT-12-SP5-2024-468", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0468-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:0468-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20240468-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:0468-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017914.html", }, { category: "self", summary: "SUSE Bug 1065729", url: "https://bugzilla.suse.com/1065729", }, { category: "self", summary: "SUSE Bug 1108281", url: "https://bugzilla.suse.com/1108281", }, { category: "self", summary: "SUSE Bug 1123986", url: "https://bugzilla.suse.com/1123986", }, { category: "self", summary: "SUSE Bug 1141539", url: "https://bugzilla.suse.com/1141539", }, { category: "self", summary: "SUSE Bug 1181674", url: "https://bugzilla.suse.com/1181674", }, { category: "self", summary: "SUSE Bug 1206889", url: "https://bugzilla.suse.com/1206889", }, { category: "self", summary: "SUSE Bug 1212152", url: "https://bugzilla.suse.com/1212152", }, { category: "self", summary: "SUSE Bug 1216702", url: "https://bugzilla.suse.com/1216702", }, { category: "self", summary: "SUSE Bug 1216989", url: "https://bugzilla.suse.com/1216989", }, { category: "self", summary: "SUSE Bug 1217525", url: "https://bugzilla.suse.com/1217525", }, { category: "self", summary: "SUSE Bug 1218713", url: "https://bugzilla.suse.com/1218713", }, { category: "self", summary: "SUSE Bug 1218730", url: "https://bugzilla.suse.com/1218730", }, { category: "self", summary: "SUSE Bug 1218752", url: "https://bugzilla.suse.com/1218752", }, { category: "self", summary: "SUSE Bug 1218757", url: "https://bugzilla.suse.com/1218757", }, { category: "self", summary: "SUSE Bug 1218768", url: "https://bugzilla.suse.com/1218768", }, { category: "self", summary: "SUSE Bug 1218836", url: "https://bugzilla.suse.com/1218836", }, { category: "self", summary: "SUSE Bug 1218968", url: "https://bugzilla.suse.com/1218968", }, { category: "self", summary: "SUSE Bug 1219022", url: "https://bugzilla.suse.com/1219022", }, { category: "self", summary: "SUSE Bug 1219053", url: "https://bugzilla.suse.com/1219053", }, { category: "self", summary: "SUSE Bug 1219120", url: "https://bugzilla.suse.com/1219120", }, { category: "self", summary: "SUSE Bug 1219412", url: "https://bugzilla.suse.com/1219412", }, { category: "self", summary: "SUSE Bug 1219434", url: "https://bugzilla.suse.com/1219434", }, { category: "self", summary: "SUSE Bug 1219445", url: "https://bugzilla.suse.com/1219445", }, { category: "self", summary: "SUSE Bug 1219446", url: "https://bugzilla.suse.com/1219446", }, { category: "self", summary: "SUSE CVE CVE-2021-33631 page", url: "https://www.suse.com/security/cve/CVE-2021-33631/", }, { category: "self", summary: "SUSE CVE CVE-2023-46838 page", url: "https://www.suse.com/security/cve/CVE-2023-46838/", }, { category: "self", summary: "SUSE CVE CVE-2023-47233 page", url: "https://www.suse.com/security/cve/CVE-2023-47233/", }, { category: "self", summary: "SUSE CVE CVE-2023-51043 page", url: "https://www.suse.com/security/cve/CVE-2023-51043/", }, { category: "self", summary: "SUSE CVE CVE-2023-51780 page", url: "https://www.suse.com/security/cve/CVE-2023-51780/", }, { category: "self", summary: "SUSE CVE CVE-2023-51782 page", url: "https://www.suse.com/security/cve/CVE-2023-51782/", }, { category: "self", summary: "SUSE CVE CVE-2023-6040 page", url: "https://www.suse.com/security/cve/CVE-2023-6040/", }, { category: "self", summary: "SUSE CVE CVE-2024-0775 page", url: "https://www.suse.com/security/cve/CVE-2024-0775/", }, { category: "self", summary: "SUSE CVE CVE-2024-1086 page", url: "https://www.suse.com/security/cve/CVE-2024-1086/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2024-02-14T12:19:13Z", generator: { date: "2024-02-14T12:19:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:0468-1", initial_release_date: "2024-02-14T12:19:13Z", revision_history: [ { date: "2024-02-14T12:19:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-rt-4.12.14-10.162.1.noarch", product: { name: "kernel-devel-rt-4.12.14-10.162.1.noarch", product_id: "kernel-devel-rt-4.12.14-10.162.1.noarch", }, }, { category: "product_version", name: "kernel-source-rt-4.12.14-10.162.1.noarch", product: { name: "kernel-source-rt-4.12.14-10.162.1.noarch", product_id: "kernel-source-rt-4.12.14-10.162.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", product: { name: "cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", product_id: "cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "cluster-md-kmp-rt_debug-4.12.14-10.162.1.x86_64", product: { name: "cluster-md-kmp-rt_debug-4.12.14-10.162.1.x86_64", product_id: "cluster-md-kmp-rt_debug-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt-4.12.14-10.162.1.x86_64", product: { name: "dlm-kmp-rt-4.12.14-10.162.1.x86_64", product_id: "dlm-kmp-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt_debug-4.12.14-10.162.1.x86_64", product: { name: "dlm-kmp-rt_debug-4.12.14-10.162.1.x86_64", product_id: "dlm-kmp-rt_debug-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt-4.12.14-10.162.1.x86_64", product: { name: "gfs2-kmp-rt-4.12.14-10.162.1.x86_64", product_id: "gfs2-kmp-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt_debug-4.12.14-10.162.1.x86_64", product: { name: "gfs2-kmp-rt_debug-4.12.14-10.162.1.x86_64", product_id: "gfs2-kmp-rt_debug-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt-4.12.14-10.162.1.x86_64", product_id: "kernel-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-base-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt-base-4.12.14-10.162.1.x86_64", product_id: "kernel-rt-base-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt-devel-4.12.14-10.162.1.x86_64", product_id: "kernel-rt-devel-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-extra-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt-extra-4.12.14-10.162.1.x86_64", product_id: "kernel-rt-extra-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-kgraft-devel-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt-kgraft-devel-4.12.14-10.162.1.x86_64", product_id: "kernel-rt-kgraft-devel-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt_debug-4.12.14-10.162.1.x86_64", product_id: "kernel-rt_debug-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-base-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt_debug-base-4.12.14-10.162.1.x86_64", product_id: "kernel-rt_debug-base-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", product_id: "kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-extra-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt_debug-extra-4.12.14-10.162.1.x86_64", product_id: "kernel-rt_debug-extra-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-kgraft-devel-4.12.14-10.162.1.x86_64", product: { name: "kernel-rt_debug-kgraft-devel-4.12.14-10.162.1.x86_64", product_id: "kernel-rt_debug-kgraft-devel-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-4.12.14-10.162.1.x86_64", product: { name: "kernel-syms-rt-4.12.14-10.162.1.x86_64", product_id: "kernel-syms-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt-4.12.14-10.162.1.x86_64", product: { name: "kselftests-kmp-rt-4.12.14-10.162.1.x86_64", product_id: "kselftests-kmp-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt_debug-4.12.14-10.162.1.x86_64", product: { name: "kselftests-kmp-rt_debug-4.12.14-10.162.1.x86_64", product_id: "kselftests-kmp-rt_debug-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", product: { name: "ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", product_id: "ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt_debug-4.12.14-10.162.1.x86_64", product: { name: "ocfs2-kmp-rt_debug-4.12.14-10.162.1.x86_64", product_id: "ocfs2-kmp-rt_debug-4.12.14-10.162.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 12 SP5", product: { name: "SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "cluster-md-kmp-rt-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", }, product_reference: "cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "dlm-kmp-rt-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", }, product_reference: "dlm-kmp-rt-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gfs2-kmp-rt-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", }, product_reference: "gfs2-kmp-rt-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-4.12.14-10.162.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", }, product_reference: "kernel-devel-rt-4.12.14-10.162.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", }, product_reference: "kernel-rt-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-base-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", }, product_reference: "kernel-rt-base-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", }, product_reference: "kernel-rt-devel-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", }, product_reference: "kernel-rt_debug-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", }, product_reference: "kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-4.12.14-10.162.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", }, product_reference: "kernel-source-rt-4.12.14-10.162.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", }, product_reference: "kernel-syms-rt-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "ocfs2-kmp-rt-4.12.14-10.162.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", }, product_reference: "ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-33631", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-33631", }, ], notes: [ { category: "general", text: "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-33631", url: "https://www.suse.com/security/cve/CVE-2021-33631", }, { category: "external", summary: "SUSE Bug 1219412 for CVE-2021-33631", url: "https://bugzilla.suse.com/1219412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "moderate", }, ], title: "CVE-2021-33631", }, { cve: "CVE-2023-46838", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-46838", }, ], notes: [ { category: "general", text: "Transmit requests in Xen's virtual network protocol can consist of\nmultiple parts. While not really useful, except for the initial part\nany of them may be of zero length, i.e. carry no data at all. Besides a\ncertain initial portion of the to be transferred data, these parts are\ndirectly translated into what Linux calls SKB fragments. Such converted\nrequest parts can, when for a particular SKB they are all of length\nzero, lead to a de-reference of NULL in core networking code.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-46838", url: "https://www.suse.com/security/cve/CVE-2023-46838", }, { category: "external", summary: "SUSE Bug 1218836 for CVE-2023-46838", url: "https://bugzilla.suse.com/1218836", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "moderate", }, ], title: "CVE-2023-46838", }, { cve: "CVE-2023-47233", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-47233", }, ], notes: [ { category: "general", text: "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-47233", url: "https://www.suse.com/security/cve/CVE-2023-47233", }, { category: "external", summary: "SUSE Bug 1216702 for CVE-2023-47233", url: "https://bugzilla.suse.com/1216702", }, { category: "external", summary: "SUSE Bug 1224592 for CVE-2023-47233", url: "https://bugzilla.suse.com/1224592", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "moderate", }, ], title: "CVE-2023-47233", }, { cve: "CVE-2023-51043", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-51043", }, ], notes: [ { category: "general", text: "In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-51043", url: "https://www.suse.com/security/cve/CVE-2023-51043", }, { category: "external", summary: "SUSE Bug 1219120 for CVE-2023-51043", url: "https://bugzilla.suse.com/1219120", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "moderate", }, ], title: "CVE-2023-51043", }, { cve: "CVE-2023-51780", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-51780", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-51780", url: "https://www.suse.com/security/cve/CVE-2023-51780", }, { category: "external", summary: "SUSE Bug 1218730 for CVE-2023-51780", url: "https://bugzilla.suse.com/1218730", }, { category: "external", summary: "SUSE Bug 1218733 for CVE-2023-51780", url: "https://bugzilla.suse.com/1218733", }, { category: "external", summary: "SUSE Bug 1220191 for CVE-2023-51780", url: "https://bugzilla.suse.com/1220191", }, { category: "external", summary: "SUSE Bug 1221578 for CVE-2023-51780", url: "https://bugzilla.suse.com/1221578", }, { category: "external", summary: "SUSE Bug 1221598 for CVE-2023-51780", url: "https://bugzilla.suse.com/1221598", }, { category: "external", summary: "SUSE Bug 1224298 for CVE-2023-51780", url: "https://bugzilla.suse.com/1224298", }, { category: "external", summary: "SUSE Bug 1224878 for CVE-2023-51780", url: "https://bugzilla.suse.com/1224878", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "important", }, ], title: "CVE-2023-51780", }, { cve: "CVE-2023-51782", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-51782", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-51782", url: "https://www.suse.com/security/cve/CVE-2023-51782", }, { category: "external", summary: "SUSE Bug 1218757 for CVE-2023-51782", url: "https://bugzilla.suse.com/1218757", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "moderate", }, ], title: "CVE-2023-51782", }, { cve: "CVE-2023-6040", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-6040", }, ], notes: [ { category: "general", text: "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-6040", url: "https://www.suse.com/security/cve/CVE-2023-6040", }, { category: "external", summary: "SUSE Bug 1218752 for CVE-2023-6040", url: "https://bugzilla.suse.com/1218752", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "moderate", }, ], title: "CVE-2023-6040", }, { cve: "CVE-2024-0775", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-0775", }, ], notes: [ { category: "general", text: "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-0775", url: "https://www.suse.com/security/cve/CVE-2024-0775", }, { category: "external", summary: "SUSE Bug 1219053 for CVE-2024-0775", url: "https://bugzilla.suse.com/1219053", }, { category: "external", summary: "SUSE Bug 1219082 for CVE-2024-0775", url: "https://bugzilla.suse.com/1219082", }, { category: "external", summary: "SUSE Bug 1224298 for CVE-2024-0775", url: "https://bugzilla.suse.com/1224298", }, { category: "external", summary: "SUSE Bug 1224878 for CVE-2024-0775", url: "https://bugzilla.suse.com/1224878", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "important", }, ], title: "CVE-2024-0775", }, { cve: "CVE-2024-1086", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-1086", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-1086", url: "https://www.suse.com/security/cve/CVE-2024-1086", }, { category: "external", summary: "SUSE Bug 1219434 for CVE-2024-1086", url: "https://bugzilla.suse.com/1219434", }, { category: "external", summary: "SUSE Bug 1219435 for CVE-2024-1086", url: "https://bugzilla.suse.com/1219435", }, { category: "external", summary: "SUSE Bug 1224298 for CVE-2024-1086", url: "https://bugzilla.suse.com/1224298", }, { category: "external", summary: "SUSE Bug 1224878 for CVE-2024-1086", url: "https://bugzilla.suse.com/1224878", }, { category: "external", summary: "SUSE Bug 1226066 for CVE-2024-1086", url: "https://bugzilla.suse.com/1226066", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.162.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.162.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.162.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-02-14T12:19:13Z", details: "important", }, ], title: "CVE-2024-1086", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.