suse-su-2024:0856-1
Vulnerability from csaf_suse
Published
2024-03-13 00:04
Modified
2024-03-13 00:04
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52569: Fixed a bug in btrfs by removing BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed the setting of the fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlap when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed an issue where ICMPv6 “Packet Too Big” packets could force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2021-47060: Fixed a bug in KVM by no longer looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed a memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2021-47061: Fixed a bug in KVM by destroying I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
The following non-security bugs were fixed:
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
Patchnames
SUSE-2024-856,SUSE-SUSE-MicroOS-5.1-2024-856,SUSE-SUSE-MicroOS-5.2-2024-856
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
"product_version", "name": "reiserfs-kmp-rt_debug-5.3.18-150300.161.1.x86_64", "product": { "name": "reiserfs-kmp-rt_debug-5.3.18-150300.161.1.x86_64", "product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.161.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.1", "product": { "name": "SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.2", "product": { "name": "SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-5.3.18-150300.161.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64" }, "product_reference": "kernel-rt-5.3.18-150300.161.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-source-rt-5.3.18-150300.161.1.noarch as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch" }, "product_reference": "kernel-source-rt-5.3.18-150300.161.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-5.3.18-150300.161.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64" }, "product_reference": 
"kernel-rt-5.3.18-150300.161.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-source-rt-5.3.18-150300.161.1.noarch as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" }, "product_reference": "kernel-source-rt-5.3.18-150300.161.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-25162", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-25162" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2019-25162", "url": "https://www.suse.com/security/cve/CVE-2019-25162" }, { "category": "external", "summary": "SUSE Bug 1220409 for CVE-2019-25162", "url": "https://bugzilla.suse.com/1220409" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2019-25162" }, { "cve": "CVE-2020-36777", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36777" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: Fix memory leak in dvb_media_device_free()\n\ndvb_media_device_free() is leaking memory. 
Free `dvbdev-\u003eadapter-\u003econn`\nbefore setting it to NULL, as documented in include/media/media-device.h:\n\"The media_entity instance itself must be freed explicitly by the driver\nif required.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36777", "url": "https://www.suse.com/security/cve/CVE-2020-36777" }, { "category": "external", "summary": "SUSE Bug 1220526 for CVE-2020-36777", "url": "https://bugzilla.suse.com/1220526" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2020-36777" }, { "cve": "CVE-2020-36784", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-36784" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cadence: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in functions cdns_i2c_master_xfer and cdns_reg_slave.\n\nHowever, pm_runtime_get_sync will increment pm usage counter\neven failed. Forgetting to putting operation will result in a\nreference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2020-36784", "url": "https://www.suse.com/security/cve/CVE-2020-36784" }, { "category": "external", "summary": "SUSE Bug 1220570 for CVE-2020-36784", "url": "https://bugzilla.suse.com/1220570" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2020-36784" }, { "cve": "CVE-2021-46904", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46904" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix null-ptr-deref during tty device unregistration\n\nMultiple ttys try to claim the same the minor number causing a double\nunregistration of the same device. The first unregistration succeeds\nbut the next one results in a null-ptr-deref.\n\nThe get_free_serial_index() function returns an available minor number\nbut doesn\u0027t assign it immediately. The assignment is done by the caller\nlater. But before this assignment, calls to get_free_serial_index()\nwould return the same minor number.\n\nFix this by modifying get_free_serial_index to assign the minor number\nimmediately after one is found to be and rename it to obtain_minor()\nto better reflect what it does. Similary, rename set_serial_by_index()\nto release_minor() and modify it to free up the minor number of the\ngiven hso_serial. 
Every obtain_minor() should have corresponding\nrelease_minor() call.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46904", "url": "https://www.suse.com/security/cve/CVE-2021-46904" }, { "category": "external", "summary": "SUSE Bug 1220416 for CVE-2021-46904", "url": "https://bugzilla.suse.com/1220416" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46904" }, { "cve": "CVE-2021-46905", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46905" } ], "notes": [ { "category": "general", "text": 
"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix NULL-deref on disconnect regression\n\nCommit 8a12f8836145 (\"net: hso: fix null-ptr-deref during tty device\nunregistration\") fixed the racy minor allocation reported by syzbot, but\nintroduced an unconditional NULL-pointer dereference on every disconnect\ninstead.\n\nSpecifically, the serial device table must no longer be accessed after\nthe minor has been released by hso_serial_tty_unregister().", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46905", "url": "https://www.suse.com/security/cve/CVE-2021-46905" }, { "category": "external", "summary": "SUSE Bug 1220418 for CVE-2021-46905", "url": "https://bugzilla.suse.com/1220418" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46905" }, { "cve": "CVE-2021-46906", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46906" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: fix info leak in hid_submit_ctrl\n\nIn hid_submit_ctrl(), the way of calculating the report length doesn\u0027t\ntake into account that report-\u003esize can be zero. When running the\nsyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to\ncalculate transfer_buffer_length as 16384. When this urb is passed to\nthe usb core layer, KMSAN reports an info leak of 16384 bytes.\n\nTo fix this, first modify hid_report_len() to account for the zero\nreport size case by using DIV_ROUND_UP for the division. 
Then, call it\nfrom hid_submit_ctrl().", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46906", "url": "https://www.suse.com/security/cve/CVE-2021-46906" }, { "category": "external", "summary": "SUSE Bug 1220421 for CVE-2021-46906", "url": "https://bugzilla.suse.com/1220421" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46906" }, { "cve": "CVE-2021-46915", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46915" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the 
following vulnerability has been resolved:\n\nnetfilter: nft_limit: avoid possible divide error in nft_limit_init\n\ndiv_u64() divides u64 by u32.\n\nnft_limit_init() wants to divide u64 by u64, use the appropriate\nmath function (div64_u64)\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]\nRIP: 0010:div_u64 include/linux/math64.h:127 [inline]\nRIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85\nCode: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 \u003c49\u003e f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90009447198 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003\nRBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000\nR10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline]\n nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713\n nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160\n nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321\n nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]\n nfnetlink_rcv+0x3af/0x420 
net/netfilter/nfnetlink.c:598\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927\n sock_sendmsg_nosec net/socket.c:654 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:674\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2404\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46915", "url": "https://www.suse.com/security/cve/CVE-2021-46915" }, { "category": "external", "summary": "SUSE Bug 1220436 for CVE-2021-46915", "url": "https://bugzilla.suse.com/1220436" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46915" }, { "cve": "CVE-2021-46924", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46924" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: st21nfca: Fix memory leak in device probe and remove\n\n\u0027phy-\u003epending_skb\u0027 is alloced when device probe, but forgot to free\nin the error handling path and remove path, this cause memory leak\nas follows:\n\nunreferenced object 0xffff88800bc06800 (size 512):\n comm \"8\", pid 11775, jiffies 4295159829 (age 9.032s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000d66c09ce\u003e] __kmalloc_node_track_caller+0x1ed/0x450\n [\u003c00000000c93382b3\u003e] kmalloc_reserve+0x37/0xd0\n [\u003c000000005fea522c\u003e] __alloc_skb+0x124/0x380\n [\u003c0000000019f29f9a\u003e] st21nfca_hci_i2c_probe+0x170/0x8f2\n\nFix it by freeing \u0027pending_skb\u0027 in error and remove.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46924", "url": "https://www.suse.com/security/cve/CVE-2021-46924" }, { "category": "external", "summary": "SUSE Bug 1220459 for 
CVE-2021-46924", "url": "https://bugzilla.suse.com/1220459" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46924" }, { "cve": "CVE-2021-46929", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46929" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: use call_rcu to free endpoint\n\nThis patch is to delay the endpoint free by calling call_rcu() to fix\nanother use-after-free issue in sctp_sock_dump():\n\n BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20\n Call Trace:\n __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218\n lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]\n _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168\n spin_lock_bh include/linux/spinlock.h:334 [inline]\n __lock_sock+0x203/0x350 
net/core/sock.c:2253\n lock_sock_nested+0xfe/0x120 net/core/sock.c:2774\n lock_sock include/net/sock.h:1492 [inline]\n sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324\n sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c:5091\n sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527\n __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049\n inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065\n netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244\n __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352\n netlink_dump_start include/linux/netlink.h:216 [inline]\n inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170\n __sock_diag_cmd net/core/sock_diag.c:232 [inline]\n sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263\n netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274\n\nThis issue occurs when asoc is peeled off and the old sk is freed after\ngetting it by asoc-\u003ebase.sk and before calling lock_sock(sk).\n\nTo prevent the sk free, as a holder of the sk, ep should be alive when\ncalling lock_sock(). 
This patch uses call_rcu() and moves sock_put and\nep free into sctp_endpoint_destroy_rcu(), so that it\u0027s safe to try to\nhold the ep under rcu_read_lock in sctp_transport_traverse_process().\n\nIf sctp_endpoint_hold() returns true, it means this ep is still alive\nand we have held it and can continue to dump it; If it returns false,\nit means this ep is dead and can be freed after rcu_read_unlock, and\nwe should skip it.\n\nIn sctp_sock_dump(), after locking the sk, if this ep is different from\ntsp-\u003easoc-\u003eep, it means during this dumping, this asoc was peeled off\nbefore calling lock_sock(), and the sk should be skipped; If this ep is\nthe same with tsp-\u003easoc-\u003eep, it means no peeloff happens on this asoc,\nand due to lock_sock, no peeloff will happen either until release_sock.\n\nNote that delaying endpoint free won\u0027t delay the port release, as the\nport release happens in sctp_endpoint_destroy() before calling call_rcu().\nAlso, freeing endpoint by call_rcu() makes it safe to access the sk by\nasoc-\u003ebase.sk in sctp_assocs_seq_show() and sctp_rcv().\n\nThanks Jones to bring this issue up.\n\nv1-\u003ev2:\n - improve the changelog.\n - add kfree(ep) into sctp_endpoint_destroy_rcu(), as Jakub noticed.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46929", "url": "https://www.suse.com/security/cve/CVE-2021-46929" }, { "category": "external", "summary": "SUSE Bug 1220482 for CVE-2021-46929", "url": "https://bugzilla.suse.com/1220482" }, { "category": "external", "summary": "SUSE Bug 1222400 for CVE-2021-46929", "url": 
"https://bugzilla.suse.com/1222400" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2021-46929", "url": "https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2021-46929", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "important" } ], "title": "CVE-2021-46929" }, { "cve": "CVE-2021-46932", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46932" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: appletouch - initialize work before device registration\n\nSyzbot has reported warning in __flush_work(). 
This warning is caused by\nwork-\u003efunc == NULL, which means missing work initialization.\n\nThis may happen, since input_dev-\u003eclose() calls\ncancel_work_sync(\u0026dev-\u003ework), but dev-\u003ework initialization happens _after_\ninput_register_device() call.\n\nSo this patch moves dev-\u003ework initialization before registering input\ndevice", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46932", "url": "https://www.suse.com/security/cve/CVE-2021-46932" }, { "category": "external", "summary": "SUSE Bug 1220444 for CVE-2021-46932", "url": "https://bugzilla.suse.com/1220444" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ {
"category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46932" }, { "cve": "CVE-2021-46934", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46934" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46934", "url": "https://www.suse.com/security/cve/CVE-2021-46934" }, { "category": "external", "summary": "SUSE Bug 1220469 for CVE-2021-46934", "url": "https://bugzilla.suse.com/1220469" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "low" } ], "title": "CVE-2021-46934" }, { "cve": "CVE-2021-46953", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46953" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: GTDT: Don\u0027t corrupt interrupt mappings on watchdog probe failure\n\nWhen failing the driver probe because of invalid firmware properties,\nthe GTDT driver unmaps the interrupt that it mapped earlier.\n\nHowever, it never checks whether the mapping of the interrupt actually\nsucceeded. Even more, should the firmware report an illegal interrupt\nnumber that overlaps with the GIC SGI range, this can result in an\nIPI being unmapped, and subsequent fireworks (as reported by Dann\nFrazier).\n\nRework the driver to have a slightly saner behaviour and actually\ncheck whether the interrupt has been mapped before unmapping things.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46953", "url": "https://www.suse.com/security/cve/CVE-2021-46953" }, { "category": "external", "summary": "SUSE Bug 1220599 for CVE-2021-46953", "url": "https://bugzilla.suse.com/1220599" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this
SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46953" }, { "cve": "CVE-2021-46964", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46964" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Reserve extra IRQ vectors\n\nCommit a6dcfe08487e (\"scsi: qla2xxx: Limit interrupt vectors to number of\nCPUs\") lowers the number of allocated MSI-X vectors to the number of CPUs.\n\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\ncomputes maximum number of qpairs as:\n\n ha-\u003emax_qpairs = ha-\u003emsix_count - 1 (MB interrupt) - 1 (default\n response queue) - 1 (ATIO, in dual or pure target mode)\n\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\nnumber is then used to allocate ha-\u003equeue_pair_map inside\nqla2x00_alloc_queues(). 
No allocation happens and ha-\u003equeue_pair_map is\nleft NULL but the driver thinks there are queue pairs available.\n\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\n\n if (ha-\u003emqenable) {\n uint32_t tag;\n uint16_t hwq;\n struct qla_qpair *qpair = NULL;\n\n tag = blk_mq_unique_tag(cmd-\u003erequest);\n hwq = blk_mq_unique_tag_to_hwq(tag);\n qpair = ha-\u003equeue_pair_map[hwq]; # \u003c- HERE\n\n if (qpair)\n return qla2xxx_mqueuecommand(host, cmd, qpair);\n }\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP PTI\n CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G W 5.10.0-rc1+ #25\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\n Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\n RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\n Call Trace:\n scsi_queue_rq+0x58c/0xa60\n blk_mq_dispatch_rq_list+0x2b7/0x6f0\n ? __sbitmap_get_word+0x2a/0x80\n __blk_mq_sched_dispatch_requests+0xb8/0x170\n blk_mq_sched_dispatch_requests+0x2b/0x50\n __blk_mq_run_hw_queue+0x49/0xb0\n __blk_mq_delay_run_hw_queue+0xfb/0x150\n blk_mq_sched_insert_request+0xbe/0x110\n blk_execute_rq+0x45/0x70\n __scsi_execute+0x10e/0x250\n scsi_probe_and_add_lun+0x228/0xda0\n __scsi_scan_target+0xf4/0x620\n ? __pm_runtime_resume+0x4f/0x70\n scsi_scan_target+0x100/0x110\n fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\n process_one_work+0x1ea/0x3b0\n worker_thread+0x28/0x3b0\n ? process_one_work+0x3b0/0x3b0\n kthread+0x112/0x130\n ? 
kthread_park+0x80/0x80\n ret_from_fork+0x22/0x30\n\nThe driver should allocate enough vectors to provide every CPU it\u0027s own HW\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\n\nThe change fixes the crash on dual core VM and prevents unbalanced QP\nallocation where nr_hw_queues is two less than the number of CPUs.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46964", "url": "https://www.suse.com/security/cve/CVE-2021-46964" }, { "category": "external", "summary": "SUSE Bug 1220538 for CVE-2021-46964", "url": "https://bugzilla.suse.com/1220538" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", 
"date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46964" }, { "cve": "CVE-2021-46966", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46966" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: custom_method: fix potential use-after-free issue\n\nIn cm_write(), buf is always freed when reaching the end of the\nfunction. If the requested count is less than table.length, the\nallocated buffer will be freed but subsequent calls to cm_write() will\nstill try to access it.\n\nRemove the unconditional kfree(buf) at the end of the function and\nset the buf to NULL in the -EINVAL error path to match the rest of\nfunction.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46966", "url": "https://www.suse.com/security/cve/CVE-2021-46966" }, { "category": "external", "summary": "SUSE Bug 1220572 for CVE-2021-46966", "url": "https://bugzilla.suse.com/1220572" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46966" }, { "cve": "CVE-2021-46968", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46968" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. 
This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46968", "url": "https://www.suse.com/security/cve/CVE-2021-46968" }, { "category": "external", "summary": "SUSE Bug 1220689 for CVE-2021-46968", "url": "https://bugzilla.suse.com/1220689" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "low" } ], "title": "CVE-2021-46968" }, { "cve": "CVE-2021-46974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46974" 
} ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix masking negation logic upon negative dst register\n\nThe negation logic for the case where the off_reg is sitting in the\ndst register is not correct given then we cannot just invert the add\nto a sub or vice versa. As a fix, perform the final bitwise and-op\nunconditionally into AX from the off_reg, then move the pointer from\nthe src to dst and finally use AX as the source for the original\npointer arithmetic operation such that the inversion yields a correct\nresult. The single non-AX mov in between is possible given constant\nblinding is retaining it as it\u0027s not an immediate based operation.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46974", "url": "https://www.suse.com/security/cve/CVE-2021-46974" }, { "category": "external", "summary": "SUSE Bug 1220700 for CVE-2021-46974", "url": "https://bugzilla.suse.com/1220700" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46974" }, { "cve": "CVE-2021-46989", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-46989" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: prevent corruption in shrinking truncate\n\nI believe there are some issues introduced by commit 31651c607151\n(\"hfsplus: avoid deadlock on file truncation\")\n\nHFS+ has extent records which always contains 8 extents. In case the\nfirst extent record in catalog file gets full, new ones are allocated from\nextents overflow file.\n\nIn case shrinking truncate happens to middle of an extent record which\nlocates in extents overflow file, the logic in hfsplus_file_truncate() was\nchanged so that call to hfs_brec_remove() is not guarded any more.\n\nRight action would be just freeing the extents that exceed the new size\ninside extent record by calling hfsplus_free_extents(), and then check if\nthe whole extent record should be removed. However since the guard\n(blk_cnt \u003e start) is now after the call to hfs_brec_remove(), this has\nunfortunate effect that the last matching extent record is removed\nunconditionally.\n\nTo reproduce this issue, create a file which has at least 10 extents, and\nthen perform shrinking truncate into middle of the last extent record, so\nthat the number of remaining extents is not under or divisible by 8. 
This\ncauses the last extent record (8 extents) to be removed totally instead of\ntruncating into middle of it. Thus this causes corruption, and lost data.\n\nFix for this is simply checking if the new truncated end is below the\nstart of this extent record, making it safe to remove the full extent\nrecord. However call to hfs_brec_remove() can\u0027t be moved to it\u0027s previous\nplace since we\u0027re dropping -\u003etree_lock and it can cause a race condition\nand the cached info being invalidated possibly corrupting the node data.\n\nAnother issue is related to this one. When entering into the block\n(blk_cnt \u003e start) we are not holding the -\u003etree_lock. We break out from\nthe loop not holding the lock, but hfs_find_exit() does unlock it. Not\nsure if it\u0027s possible for someone else to take the lock under our feet,\nbut it can cause hard to debug errors and premature unlocking. Even if\nthere\u0027s no real risk of it, the locking should still always be kept in\nbalance. 
Thus taking the lock now just before the check.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-46989", "url": "https://www.suse.com/security/cve/CVE-2021-46989" }, { "category": "external", "summary": "SUSE Bug 1220737 for CVE-2021-46989", "url": "https://bugzilla.suse.com/1220737" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-46989" }, { "cve": "CVE-2021-47005", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47005" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, 
the following vulnerability has been resolved:\n\nPCI: endpoint: Fix NULL pointer dereference for -\u003eget_features()\n\nget_features ops of pci_epc_ops may return NULL, causing NULL pointer\ndereference in pci_epf_test_alloc_space function. Let us add a check for\npci_epc_feature pointer in pci_epf_test_bind before we access it to avoid\nany such NULL pointer dereference and return -ENOTSUPP in case\npci_epc_feature is not found.\n\nWhen the patch is not applied and EPC features is not implemented in the\nplatform driver, we see the following dump due to kernel NULL pointer\ndereference.\n\nCall trace:\n pci_epf_test_bind+0xf4/0x388\n pci_epf_bind+0x3c/0x80\n pci_epc_epf_link+0xa8/0xcc\n configfs_symlink+0x1a4/0x48c\n vfs_symlink+0x104/0x184\n do_symlinkat+0x80/0xd4\n __arm64_sys_symlinkat+0x1c/0x24\n el0_svc_common.constprop.3+0xb8/0x170\n el0_svc_handler+0x70/0x88\n el0_svc+0x8/0x640\nCode: d2800581 b9403ab9 f9404ebb 8b394f60 (f9400400)\n---[ end trace a438e3c5a24f9df0 ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47005", "url": "https://www.suse.com/security/cve/CVE-2021-47005" }, { "category": "external", "summary": "SUSE Bug 1220660 for CVE-2021-47005", "url": "https://bugzilla.suse.com/1220660" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux 
Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47005" }, { "cve": "CVE-2021-47012", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47012" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix a use after free in siw_alloc_mr\n\nOur code analyzer reported a UAF.\n\nIn siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of\nsiw_mr_add_mem(), mem is assigned to mr-\u003emem and then mem is freed via\nkfree(mem) if xa_alloc_cyclic() failed. Here, mr-\u003emem still point to a\nfreed object. 
After, the execution continue up to the err_out branch of\nsiw_alloc_mr, and the freed mr-\u003emem is used in siw_mr_drop_mem(mr).\n\nMy patch moves \"mr-\u003emem = mem\" behind the if (xa_alloc_cyclic(..)\u003c0) {}\nsection, to avoid the uaf.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47012", "url": "https://www.suse.com/security/cve/CVE-2021-47012" }, { "category": "external", "summary": "SUSE Bug 1220627 for CVE-2021-47012", "url": "https://bugzilla.suse.com/1220627" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47012" }, { 
"cve": "CVE-2021-47013", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47013" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb-\u003elen by netdev_sent_queue(,skb-\u003elen).\n\nAs I observed that emac_tx_fill_tpd() hasn\u0027t modified the value of skb-\u003elen,\nthus my patch assigns skb-\u003elen to \u0027len\u0027 before the possible free and\nuse \u0027len\u0027 instead of skb-\u003elen later.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47013", "url": "https://www.suse.com/security/cve/CVE-2021-47013" }, { "category": "external", "summary": "SUSE Bug 1220641 for CVE-2021-47013", "url": "https://bugzilla.suse.com/1220641" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3":
{ "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47013" }, { "cve": "CVE-2021-47054", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47054" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: qcom: Put child node before return\n\nPut child node before return to fix potential reference count leak.\nGenerally, the reference count of child is incremented and decremented\nautomatically in the macro for_each_available_child_of_node() and should\nbe decremented manually if the loop is broken in loop body.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47054", "url": "https://www.suse.com/security/cve/CVE-2021-47054" }, { "category": "external", "summary": "SUSE Bug 1220767 for CVE-2021-47054", "url": "https://bugzilla.suse.com/1220767" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux 
Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47054" }, { "cve": "CVE-2021-47060", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47060" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Stop looking for coalesced MMIO zones if the bus is destroyed\n\nAbort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()\nfails to allocate memory for the new instance of the bus. If it can\u0027t\ninstantiate a new bus, unregister_dev() destroys all devices _except_ the\ntarget device. But, it doesn\u0027t tell the caller that it obliterated the\nbus and invoked the destructor for all devices that were on the bus. 
In\nthe coalesced MMIO case, this can result in a deleted list entry\ndereference due to attempting to continue iterating on coalesced_zones\nafter future entries (in the walk) have been deleted.\n\nOpportunistically add curly braces to the for-loop, which encompasses\nmany lines but sneaks by without braces due to the guts being a single\nif statement.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47060", "url": "https://www.suse.com/security/cve/CVE-2021-47060" }, { "category": "external", "summary": "SUSE Bug 1220742 for CVE-2021-47060", "url": "https://bugzilla.suse.com/1220742" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { 
"category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47060" }, { "cve": "CVE-2021-47061", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47061" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy I/O bus devices on unregister failure _after_ sync\u0027ing SRCU\n\nIf allocating a new instance of an I/O bus fails when unregistering a\ndevice, wait to destroy the device until after all readers are guaranteed\nto see the new null bus. Destroying devices before the bus is nullified\ncould lead to use-after-free since readers expect the devices on their\nreference of the bus to remain valid.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47061", "url": "https://www.suse.com/security/cve/CVE-2021-47061" }, { "category": "external", "summary": "SUSE Bug 1220745 for CVE-2021-47061", "url": "https://bugzilla.suse.com/1220745" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47061" }, { "cve": "CVE-2021-47069", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47069" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry\n\ndo_mq_timedreceive calls wq_sleep with a stack local address. The\nsender (do_mq_timedsend) uses this address to later call pipelined_send.\n\nThis leads to a very hard to trigger race where a do_mq_timedreceive\ncall might return and leave do_mq_timedsend to rely on an invalid\naddress, causing the following crash:\n\n RIP: 0010:wake_q_add_safe+0x13/0x60\n Call Trace:\n __x64_sys_mq_timedsend+0x2a9/0x490\n do_syscall_64+0x80/0x680\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7f5928e40343\n\nThe race occurs as:\n\n1. do_mq_timedreceive calls wq_sleep with the address of `struct\n ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it\n holds a valid `struct ext_wait_queue *` as long as the stack has not\n been overwritten.\n\n2. `ewq_addr` gets added to info-\u003ee_wait_q[RECV].list in wq_add, and\n do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call\n __pipelined_op.\n\n3. Sender calls __pipelined_op::smp_store_release(\u0026this-\u003estate,\n STATE_READY). Here is where the race window begins. (`this` is\n `ewq_addr`.)\n\n4. 
If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it\n will see `state == STATE_READY` and break.\n\n5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed\n to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive\u0027s\n stack. (Although the address may not get overwritten until another\n function happens to touch it, which means it can persist around for an\n indefinite time.)\n\n6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a\n `struct ext_wait_queue *`, and uses it to find a task_struct to pass to\n the wake_q_add_safe call. In the lucky case where nothing has\n overwritten `ewq_addr` yet, `ewq_addr-\u003etask` is the right task_struct.\n In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a\n bogus address as the receiver\u0027s task_struct causing the crash.\n\ndo_mq_timedsend::__pipelined_op() should not dereference `this` after\nsetting STATE_READY, as the receiver counterpart is now free to return.\nChange __pipelined_op to call wake_q_add_safe on the receiver\u0027s\ntask_struct returned by get_task_struct, instead of dereferencing `this`\nwhich sits on the receiver\u0027s stack.\n\nAs Manfred pointed out, the race potentially also exists in\nipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare. 
Fix\nthose in the same way.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47069", "url": "https://www.suse.com/security/cve/CVE-2021-47069" }, { "category": "external", "summary": "SUSE Bug 1220826 for CVE-2021-47069", "url": "https://bugzilla.suse.com/1220826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47069" }, { "cve": "CVE-2021-47076", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47076" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following 
vulnerability has been resolved:\n\nRDMA/rxe: Return CQE error if invalid lkey was supplied\n\nRXE is missing update of WQE status in LOCAL_WRITE failures. This caused\nthe following kernel panic if someone sent an atomic operation with an\nexplicitly wrong lkey.\n\n[leonro@vm ~]$ mkt test\ntest_atomic_invalid_lkey (tests.test_atomic.AtomicTest) ...\n WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe]\n Modules linked in: crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel rdma_ucm rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core ptp pps_core\n CPU: 5 PID: 263 Comm: python3 Not tainted 5.13.0-rc1+ #2936\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:rxe_completer+0x1a6d/0x2e30 [rdma_rxe]\n Call Trace:\n rxe_do_task+0x130/0x230 [rdma_rxe]\n rxe_rcv+0xb11/0x1df0 [rdma_rxe]\n rxe_loopback+0x157/0x1e0 [rdma_rxe]\n rxe_responder+0x5532/0x7620 [rdma_rxe]\n rxe_do_task+0x130/0x230 [rdma_rxe]\n
rxe_rcv+0x9c8/0x1df0 [rdma_rxe]\n rxe_loopback+0x157/0x1e0 [rdma_rxe]\n rxe_requester+0x1efd/0x58c0 [rdma_rxe]\n rxe_do_task+0x130/0x230 [rdma_rxe]\n rxe_post_send+0x998/0x1860 [rdma_rxe]\n ib_uverbs_post_send+0xd5f/0x1220 [ib_uverbs]\n ib_uverbs_write+0x847/0xc80 [ib_uverbs]\n vfs_write+0x1c5/0x840\n ksys_write+0x176/0x1d0\n do_syscall_64+0x3f/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47076", "url": "https://www.suse.com/security/cve/CVE-2021-47076" }, { "category": "external", "summary": "SUSE Bug 1220860 for CVE-2021-47076", "url": "https://bugzilla.suse.com/1220860" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47076" }, { "cve": "CVE-2021-47078", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47078" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Clear all QP fields if creation failed\n\nrxe_qp_do_cleanup() relies on valid pointer values in QP for the properly\ncreated ones, but in case rxe_qp_from_init() failed it was filled with\ngarbage and caused tot the following error.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 1 PID: 12560 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28\n Modules linked in:\n CPU: 1 PID: 12560 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28\n Call Trace:\n
__refcount_sub_and_test include/linux/refcount.h:283 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n kref_put include/linux/kref.h:64 [inline]\n rxe_qp_do_cleanup+0x96f/0xaf0 drivers/infiniband/sw/rxe/rxe_qp.c:805\n execute_in_process_context+0x37/0x150 kernel/workqueue.c:3327\n rxe_elem_release+0x9f/0x180 drivers/infiniband/sw/rxe/rxe_pool.c:391\n kref_put include/linux/kref.h:65 [inline]\n rxe_create_qp+0x2cd/0x310 drivers/infiniband/sw/rxe/rxe_verbs.c:425\n _ib_create_qp drivers/infiniband/core/core_priv.h:331 [inline]\n ib_create_named_qp+0x2ad/0x1370 drivers/infiniband/core/verbs.c:1231\n ib_create_qp include/rdma/ib_verbs.h:3644 [inline]\n create_mad_qp+0x177/0x2d0 drivers/infiniband/core/mad.c:2920\n ib_mad_port_open drivers/infiniband/core/mad.c:3001 [inline]\n ib_mad_init_device+0xd6f/0x1400 drivers/infiniband/core/mad.c:3092\n add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:717\n enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1331\n ib_register_device drivers/infiniband/core/device.c:1413 [inline]\n ib_register_device+0x7c7/0xa50 drivers/infiniband/core/device.c:1365\n rxe_register_device+0x3d5/0x4a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1147\n rxe_add+0x12fe/0x16d0 drivers/infiniband/sw/rxe/rxe.c:247\n rxe_net_add+0x8c/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:503\n rxe_newlink drivers/infiniband/sw/rxe/rxe.c:269 [inline]\n rxe_newlink+0xb7/0xe0 drivers/infiniband/sw/rxe/rxe.c:250\n nldev_newlink+0x30e/0x550 drivers/infiniband/core/nldev.c:1555\n rdma_nl_rcv_msg+0x36d/0x690 drivers/infiniband/core/netlink.c:195\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x2ee/0x430 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x856/0xd90
net/netlink/af_netlink.c:1927\n sock_sendmsg_nosec net/socket.c:654 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:674\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2404\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433\n do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47\n entry_SYSCALL_64_after_hwframe+0\n---truncated---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47078", "url": "https://www.suse.com/security/cve/CVE-2021-47078" }, { "category": "external", "summary": "SUSE Bug 1220863 for CVE-2021-47078", "url": "https://bugzilla.suse.com/1220863" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": 
[ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47078" }, { "cve": "CVE-2021-47083", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47083" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mediatek: fix global-out-of-bounds issue\n\nWhen eint virtual eint number is greater than gpio number,\nit may produce \u0027desc[eint_n]\u0027 size global-out-of-bounds issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47083", "url": "https://www.suse.com/security/cve/CVE-2021-47083" }, { "category": "external", "summary": "SUSE Bug 1220917 for CVE-2021-47083", "url": "https://bugzilla.suse.com/1220917" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro
5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2021-47083" }, { "cve": "CVE-2022-20154", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-20154" } ], "notes": [ { "category": "general", "text": "In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174846563. References: Upstream kernel", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2022-20154", "url": "https://www.suse.com/security/cve/CVE-2022-20154" }, { "category": "external", "summary": "SUSE Bug 1200599 for CVE-2022-20154", "url": "https://bugzilla.suse.com/1200599" }, { "category": "external", "summary": "SUSE Bug 1200608 for CVE-2022-20154", "url": "https://bugzilla.suse.com/1200608" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2022-20154", "url": "https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2022-20154", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or
\"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "important" } ], "title": "CVE-2022-20154" }, { "cve": "CVE-2022-48627", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-48627" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. 
The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by replacing the scr_memcpyw with scr_memmovew.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2022-48627", "url": "https://www.suse.com/security/cve/CVE-2022-48627" }, { "category": "external", "summary": "SUSE Bug 1220845 for CVE-2022-48627", "url": "https://bugzilla.suse.com/1220845" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2022-48627" }, { "cve": "CVE-2023-28746", "ids": [ {
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2023-35827", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-35827" } ], "notes": [ { "category": "general", "text": "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-35827", "url": "https://www.suse.com/security/cve/CVE-2023-35827" }, { "category": "external", "summary": "SUSE Bug 1212514 for CVE-2023-35827", "url": "https://bugzilla.suse.com/1212514" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2023-35827", "url": "https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2023-35827", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { 
"baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-35827" }, { "cve": "CVE-2023-46343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-46343" } ], "notes": [ { "category": "general", "text": "In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-46343", "url": "https://www.suse.com/security/cve/CVE-2023-46343" }, { "category": "external", "summary": "SUSE Bug 1219125 for CVE-2023-46343", "url": "https://bugzilla.suse.com/1219125" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-46343" }, { "cve": "CVE-2023-51042", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-51042" } ], "notes": [ { "category": "general", "text": "In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-51042", "url": "https://www.suse.com/security/cve/CVE-2023-51042" }, { "category": "external", "summary": "SUSE Bug 1219128 for CVE-2023-51042", "url": "https://bugzilla.suse.com/1219128" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-51042" }, { "cve": "CVE-2023-52340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52340" } ], "notes": [ { "category": "general", "text": "The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52340", "url": "https://www.suse.com/security/cve/CVE-2023-52340" }, { "category": "external", "summary": "SUSE Bug 1219295 for CVE-2023-52340", "url": "https://bugzilla.suse.com/1219295" }, { "category": "external", "summary": "SUSE Bug 1219296 for CVE-2023-52340", "url": "https://bugzilla.suse.com/1219296" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2023-52340", "url": 
"https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2023-52340", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "important" } ], "title": "CVE-2023-52340" }, { "cve": "CVE-2023-52429", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52429" } ], "notes": [ { "category": "general", "text": "dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52429", "url": "https://www.suse.com/security/cve/CVE-2023-52429" }, { "category": "external", "summary": "SUSE Bug 1219827 for CVE-2023-52429", "url": "https://bugzilla.suse.com/1219827" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52429" }, { "cve": "CVE-2023-52439", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52439" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio: Fix use-after-free in uio_open\n\ncore-1\t\t\t\tcore-2\n-------------------------------------------------------\nuio_unregister_device\t\tuio_open\n\t\t\t\tidev = 
idr_find()\ndevice_unregister(\u0026idev-\u003edev)\nput_device(\u0026idev-\u003edev)\nuio_device_release\n\t\t\t\tget_device(\u0026idev-\u003edev)\nkfree(idev)\nuio_free_minor(minor)\n\t\t\t\tuio_release\n\t\t\t\tput_device(\u0026idev-\u003edev)\n\t\t\t\tkfree(idev)\n-------------------------------------------------------\n\nIn the core-1 uio_unregister_device(), the device_unregister will kfree\nidev when the idev-\u003edev kobject ref is 1. But after core-1\ndevice_unregister, put_device and before doing kfree, the core-2 may\nget_device. Then:\n1. After core-1 kfree idev, the core-2 will do use-after-free for idev.\n2. When core-2 do uio_release and put_device, the idev will be double\n freed.\n\nTo address this issue, we can get idev atomic \u0026 inc idev reference with\nminor_lock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52439", "url": "https://www.suse.com/security/cve/CVE-2023-52439" }, { "category": "external", "summary": "SUSE Bug 1220140 for CVE-2023-52439", "url": "https://bugzilla.suse.com/1220140" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, 
"baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52439" }, { "cve": "CVE-2023-52443", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52443" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid crash when parsed profile name is empty\n\nWhen processing a packed profile in unpack_profile() described like\n\n \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"\n\na string \":samba-dcerpcd\" is unpacked as a fully-qualified name and then\npassed to aa_splitn_fqname().\n\naa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.\nThus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later\naa_alloc_profile() crashes as the new profile name is NULL now.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\nRIP: 0010:strlen+0x1e/0xa0\nCall Trace:\n \u003cTASK\u003e\n ? 
strlen+0x1e/0xa0\n aa_policy_init+0x1bb/0x230\n aa_alloc_profile+0xb1/0x480\n unpack_profile+0x3bc/0x4960\n aa_unpack+0x309/0x15e0\n aa_replace_profiles+0x213/0x33c0\n policy_update+0x261/0x370\n profile_replace+0x20e/0x2a0\n vfs_write+0x2af/0xe00\n ksys_write+0x126/0x250\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\nRIP: 0010:strlen+0x1e/0xa0\n\nIt seems such behaviour of aa_splitn_fqname() is expected and checked in\nother places where it is called (e.g. aa_remove_profiles). Well, there\nis an explicit comment \"a ns name without a following profile is allowed\"\ninside.\n\nAFAICS, nothing can prevent unpacked \"name\" to be in form like\n\":samba-dcerpcd\" - it is passed from userspace.\n\nDeny the whole profile set replacement in such case and inform user with\nEPROTO and an explaining message.\n\nFound by Linux Verification Center (linuxtesting.org).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52443", "url": "https://www.suse.com/security/cve/CVE-2023-52443" }, { "category": "external", "summary": "SUSE Bug 1220240 for CVE-2023-52443", "url": "https://bugzilla.suse.com/1220240" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52443" }, { "cve": "CVE-2023-52445", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52445" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix use after free on context disconnection\n\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. 
This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52445", "url": "https://www.suse.com/security/cve/CVE-2023-52445" }, { "category": "external", "summary": "SUSE Bug 1220241 for CVE-2023-52445", "url": "https://bugzilla.suse.com/1220241" }, { "category": "external", "summary": "SUSE Bug 1220315 for CVE-2023-52445", "url": "https://bugzilla.suse.com/1220315" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52445" }, { 
"cve": "CVE-2023-52448", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52448" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\n\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd-\u003erd_rgl in gfs2_rgrp_dump(). This can happen when creating\nrgd-\u003erd_gl fails in read_rindex_entry(). Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52448", "url": "https://www.suse.com/security/cve/CVE-2023-52448" }, { "category": "external", "summary": "SUSE Bug 1220253 for CVE-2023-52448", "url": "https://bugzilla.suse.com/1220253" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52448" }, { "cve": "CVE-2023-52449", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52449" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Fix gluebi NULL pointer dereference caused by ftl notifier\n\nIf both ftl.ko and gluebi.ko are loaded, the notifier of ftl\ntriggers NULL pointer dereference when trying to access\n\u0027gluebi-\u003edesc\u0027 in gluebi_read().\n\nubi_gluebi_init\n ubi_register_volume_notifier\n ubi_enumerate_volumes\n ubi_notify_all\n gluebi_notify nb-\u003enotifier_call()\n gluebi_create\n mtd_device_register\n mtd_device_parse_register\n add_mtd_device\n blktrans_notify_add not-\u003eadd()\n ftl_add_mtd tr-\u003eadd_mtd()\n scan_header\n mtd_read\n mtd_read_oob\n mtd_read_oob_std\n gluebi_read mtd-\u003eread()\n gluebi-\u003edesc - NULL\n\nDetailed reproduction information available at the Link [1],\n\nIn the normal case, obtain gluebi-\u003edesc in the gluebi_get_device(),\nand access gluebi-\u003edesc in the gluebi_read(). 
However,\ngluebi_get_device() is not executed in advance in the\nftl_add_mtd() process, which leads to NULL pointer dereference.\n\nThe solution for the gluebi module is to run jffs2 on the UBI\nvolume without considering working with ftl or mtdblock [2].\nTherefore, this problem can be avoided by preventing gluebi from\ncreating the mtdblock device after creating mtd partition of the\ntype MTD_UBIVOLUME.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52449", "url": "https://www.suse.com/security/cve/CVE-2023-52449" }, { "category": "external", "summary": "SUSE Bug 1220238 for CVE-2023-52449", "url": "https://bugzilla.suse.com/1220238" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52449" }, { "cve": "CVE-2023-52451", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52451" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/memhp: Fix access beyond end of drmem array\n\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n\u0026drmem_info-\u003elmbs[drmem_info-\u003en_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\n\n pr_debug(\"Failed to hot-remove memory at %llx\\n\",\n lmb-\u003ebase_addr);\n\nThis was found by inspection and confirmed with KASAN:\n\n pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\n Read of size 8 at addr c000000364e97fd0 by task bash/949\n\n dump_stack_lvl+0xa4/0xfc (unreliable)\n print_report+0x214/0x63c\n kasan_report+0x140/0x2e0\n __asan_load8+0xa8/0xe0\n dlpar_memory+0x298/0x1658\n handle_dlpar_errorlog+0x130/0x1d0\n dlpar_store+0x18c/0x3e0\n kobj_attr_store+0x68/0xa0\n sysfs_kf_write+0xc4/0x110\n kernfs_fop_write_iter+0x26c/0x390\n vfs_write+0x2d4/0x4e0\n ksys_write+0xac/0x1a0\n system_call_exception+0x268/0x530\n system_call_vectored_common+0x15c/0x2ec\n\n Allocated by task 1:\n kasan_save_stack+0x48/0x80\n kasan_set_track+0x34/0x50\n kasan_save_alloc_info+0x34/0x50\n __kasan_kmalloc+0xd0/0x120\n __kmalloc+0x8c/0x320\n kmalloc_array.constprop.0+0x48/0x5c\n drmem_init+0x2a0/0x41c\n do_one_initcall+0xe0/0x5c0\n 
kernel_init_freeable+0x4ec/0x5a0\n kernel_init+0x30/0x1e0\n ret_from_kernel_user_thread+0x14/0x1c\n\n The buggy address belongs to the object at c000000364e80000\n which belongs to the cache kmalloc-128k of size 131072\n The buggy address is located 0 bytes to the right of\n allocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n\n ==================================================================\n pseries-hotplug-mem: Failed to hot-remove memory at 0\n\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52451", "url": "https://www.suse.com/security/cve/CVE-2023-52451" }, { "category": "external", "summary": "SUSE Bug 1220250 for CVE-2023-52451", "url": "https://bugzilla.suse.com/1220250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52451" }, { "cve": "CVE-2023-52463", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52463" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: force RO when remounting if SetVariable is not supported\n\nIf SetVariable at runtime is not supported by the firmware we never assign\na callback for that function. At the same time mount the efivarfs as\nRO so no one can call that. However, we never check the permission flags\nwhen someone remounts the filesystem as RW. As a result this leads to a\ncrash looking like this:\n\n$ mount -o remount,rw /sys/firmware/efi/efivars\n$ efi-updatevar -f PK.auth PK\n\n[ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 303.280482] Mem abort info:\n[ 303.280854] ESR = 0x0000000086000004\n[ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits\n[ 303.282016] SET = 0, FnV = 0\n[ 303.282414] EA = 0, S1PTW = 0\n[ 303.282821] FSC = 0x04: level 0 translation fault\n[ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000\n[ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n[ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6\n[ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1\n[ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023\n[ 303.291150] pstate: 60400005 
(nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 303.292123] pc : 0x0\n[ 303.292443] lr : efivar_set_variable_locked+0x74/0xec\n[ 303.293156] sp : ffff800008673c10\n[ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000\n[ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027\n[ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000\n[ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000\n[ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54\n[ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4\n[ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002\n[ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201\n[ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc\n[ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000\n[ 303.303341] Call trace:\n[ 303.303679] 0x0\n[ 303.303938] efivar_entry_set_get_size+0x98/0x16c\n[ 303.304585] efivarfs_file_write+0xd0/0x1a4\n[ 303.305148] vfs_write+0xc4/0x2e4\n[ 303.305601] ksys_write+0x70/0x104\n[ 303.306073] __arm64_sys_write+0x1c/0x28\n[ 303.306622] invoke_syscall+0x48/0x114\n[ 303.307156] el0_svc_common.constprop.0+0x44/0xec\n[ 303.307803] do_el0_svc+0x38/0x98\n[ 303.308268] el0_svc+0x2c/0x84\n[ 303.308702] el0t_64_sync_handler+0xf4/0x120\n[ 303.309293] el0t_64_sync+0x190/0x194\n[ 303.309794] Code: ???????? ???????? ???????? ???????? 
(????????)\n[ 303.310612] ---[ end trace 0000000000000000 ]---\n\nFix this by adding a .reconfigure() function to the fs operations which\nwe can use to check the requested flags and deny anything that\u0027s not RO\nif the firmware doesn\u0027t implement SetVariable at runtime.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52463", "url": "https://www.suse.com/security/cve/CVE-2023-52463" }, { "category": "external", "summary": "SUSE Bug 1220328 for CVE-2023-52463", "url": "https://bugzilla.suse.com/1220328" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } 
], "title": "CVE-2023-52463" }, { "cve": "CVE-2023-52475", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52475" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: powermate - fix use-after-free in powermate_config_complete\n\nsyzbot has found a use-after-free bug [1] in the powermate driver. This\nhappens when the device is disconnected, which leads to a memory free from\nthe powermate_device struct. When an asynchronous control message\ncompletes after the kfree and its callback is invoked, the lock does not\nexist anymore and hence the bug.\n\nUse usb_kill_urb() on pm-\u003econfig to cancel any in-progress requests upon\ndevice disconnection.\n\n[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52475", "url": "https://www.suse.com/security/cve/CVE-2023-52475" }, { "category": "external", "summary": "SUSE Bug 1220649 for CVE-2023-52475", "url": "https://bugzilla.suse.com/1220649" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52475" }, { "cve": "CVE-2023-52478", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52478" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-hidpp: Fix kernel crash on receiver USB disconnect\n\nhidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)\nraces when it races with itself.\n\nhidpp_connect_event() primarily runs from a workqueue but it also runs\non probe() and if a \"device-connected\" packet is received by the hw\nwhen the thread running hidpp_connect_event() from probe() is waiting on\nthe hw, then a second thread running hidpp_connect_event() will be\nstarted from the workqueue.\n\nThis opens the following races (note the below code is simplified):\n\n1. 
Retrieving + printing the protocol (harmless race):\n\n\tif (!hidpp-\u003eprotocol_major) {\n\t\thidpp_root_get_protocol_version()\n\t\thidpp-\u003eprotocol_major = response.rap.params[0];\n\t}\n\nWe can actually see this race hit in the dmesg in the abrt output\nattached to rhbz#2227968:\n\n[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n\nTesting with extra logging added has shown that after this the 2 threads\ntake turn grabbing the hw access mutex (send_mutex) so they ping-pong\nthrough all the other TOCTOU cases managing to hit all of them:\n\n2. Updating the name to the HIDPP name (harmless race):\n\n\tif (hidpp-\u003ename == hdev-\u003ename) {\n\t\t...\n\t\thidpp-\u003ename = new_name;\n\t}\n\n3. Initializing the power_supply class for the battery (problematic!):\n\nhidpp_initialize_battery()\n{\n if (hidpp-\u003ebattery.ps)\n return 0;\n\n\tprobe_battery(); /* Blocks, threads take turns executing this */\n\n\thidpp-\u003ebattery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp-\u003ebattery.ps =\n\t\tdevm_power_supply_register(\u0026hidpp-\u003ehid_dev-\u003edev,\n\t\t\t\t\t \u0026hidpp-\u003ebattery.desc, cfg);\n}\n\n4. Creating delayed input_device (potentially problematic):\n\n\tif (hidpp-\u003edelayed_input)\n\t\treturn;\n\n\thidpp-\u003edelayed_input = hidpp_allocate_input(hdev);\n\nThe really big problem here is 3. 
Hitting the race leads to the following\nsequence:\n\n\thidpp-\u003ebattery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp-\u003ebattery.ps =\n\t\tdevm_power_supply_register(\u0026hidpp-\u003ehid_dev-\u003edev,\n\t\t\t\t\t \u0026hidpp-\u003ebattery.desc, cfg);\n\n\t...\n\n\thidpp-\u003ebattery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp-\u003ebattery.ps =\n\t\tdevm_power_supply_register(\u0026hidpp-\u003ehid_dev-\u003edev,\n\t\t\t\t\t \u0026hidpp-\u003ebattery.desc, cfg);\n\nSo now we have registered 2 power supplies for the same battery,\nwhich looks a bit weird from userspace\u0027s pov but this is not even\nthe really big problem.\n\nNotice how:\n\n1. This is all devm-managed\n2. The hidpp-\u003ebattery.desc struct is shared between the 2 power supplies\n3. hidpp-\u003ebattery.desc.properties points to the result from the second\n devm_kmemdup()\n\nThis causes a use after free scenario on USB disconnect of the receiver:\n1. The last registered power supply class device gets unregistered\n2. The memory from the last devm_kmemdup() call gets freed,\n hidpp-\u003ebattery.desc.properties now points to freed memory\n3. The first registered power supply class device gets unregistered,\n this involves sending a remove uevent to userspace which invokes\n power_supply_uevent() to fill the uevent data\n4. power_supply_uevent() uses hidpp-\u003ebattery.desc.properties which\n now points to freed memory leading to backtraces like this one:\n\nSep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08\n...\nSep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event\nSep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0\n...\nSep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0\nSep 22 20:01:35 eric kernel: ? 
power_supply_uevent+0x10d/0x1d0\nSep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0\nSep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680\nSep 22 20:01:35 eric kernel: \n---truncated---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52478", "url": "https://www.suse.com/security/cve/CVE-2023-52478" }, { "category": "external", "summary": "SUSE Bug 1220796 for CVE-2023-52478", "url": "https://bugzilla.suse.com/1220796" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52478" }, { "cve": "CVE-2023-52482", "ids": [ { "system_name": 
"SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52482" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/srso: Add SRSO mitigation for Hygon processors\n\nAdd mitigation for the speculative return stack overflow vulnerability\nwhich exists on Hygon processors too.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52482", "url": "https://www.suse.com/security/cve/CVE-2023-52482" }, { "category": "external", "summary": "SUSE Bug 1220735 for CVE-2023-52482", "url": "https://bugzilla.suse.com/1220735" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ 
{ "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52482" }, { "cve": "CVE-2023-52502", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52502" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52502", "url": "https://www.suse.com/security/cve/CVE-2023-52502" }, { "category": "external", "summary": "SUSE Bug 1220831 for CVE-2023-52502", "url": "https://bugzilla.suse.com/1220831" }, { "category": "external", "summary": "SUSE Bug 1220832 for CVE-2023-52502", "url": "https://bugzilla.suse.com/1220832" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2023-52502", "url": "https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2023-52502", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux 
Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "important" } ], "title": "CVE-2023-52502" }, { "cve": "CVE-2023-52530", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52530" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. 
This normally doesn\u0027t happen\nsince it\u0027s only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add().", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52530", "url": "https://www.suse.com/security/cve/CVE-2023-52530" }, { "category": "external", "summary": "SUSE Bug 1220930 for CVE-2023-52530", "url": "https://bugzilla.suse.com/1220930" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", 
"date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52530" }, { "cve": "CVE-2023-52531", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52531" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix a memory corruption issue\n\nA few lines above, space is kzalloc()\u0027ed for:\n\tsizeof(struct iwl_nvm_data) +\n\tsizeof(struct ieee80211_channel) +\n\tsizeof(struct ieee80211_rate)\n\n\u0027mvm-\u003envm_data\u0027 is a \u0027struct iwl_nvm_data\u0027, so it is fine.\n\nAt the end of this structure, there is the \u0027channels\u0027 flex array.\nEach element is of type \u0027struct ieee80211_channel\u0027.\nSo only 1 element is allocated in this array.\n\nWhen doing:\n mvm-\u003envm_data-\u003ebands[0].channels = mvm-\u003envm_data-\u003echannels;\nWe point at the first element of the \u0027channels\u0027 flex array.\nSo this is fine.\n\nHowever, when doing:\n mvm-\u003envm_data-\u003ebands[0].bitrates =\n\t\t\t(void *)((u8 *)mvm-\u003envm_data-\u003echannels + 1);\nbecause of the \"(u8 *)\" cast, we add only 1 to the address of the beginning\nof the flex array.\n\nIt is likely that we want point at the \u0027struct ieee80211_rate\u0027 allocated\njust after.\n\nRemove the spurious casting so that the pointer arithmetic works as\nexpected.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52531", "url": "https://www.suse.com/security/cve/CVE-2023-52531" }, { "category": "external", "summary": "SUSE Bug 1220931 for 
CVE-2023-52531", "url": "https://bugzilla.suse.com/1220931" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52531" }, { "cve": "CVE-2023-52532", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52532" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix TX CQE error handling\n\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\n\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise 
Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52532", "url": "https://www.suse.com/security/cve/CVE-2023-52532" }, { "category": "external", "summary": "SUSE Bug 1220932 for CVE-2023-52532", "url": "https://bugzilla.suse.com/1220932" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52532" }, { "cve": "CVE-2023-52569", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52569" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node\u0027s tree, we can just release all the resources we\nhave allocated/acquired 
before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52569", "url": "https://www.suse.com/security/cve/CVE-2023-52569" }, { "category": "external", "summary": "SUSE Bug 1220918 for CVE-2023-52569", "url": "https://bugzilla.suse.com/1220918" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", 
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52569" }, { "cve": "CVE-2023-52574", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52574" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix null-ptr-deref when team device type is changed\n\nGet a null-ptr-deref bug as follows with reproducer [1].\n\nBUG: kernel NULL pointer dereference, address: 0000000000000228\n...\nRIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x150\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? vlan_dev_hard_header+0x35/0x140 [8021q]\n ? vlan_dev_hard_header+0x8e/0x140 [8021q]\n neigh_connected_output+0xb2/0x100\n ip6_finish_output2+0x1cb/0x520\n ? nf_hook_slow+0x43/0xc0\n ? ip6_mtu+0x46/0x80\n ip6_finish_output+0x2a/0xb0\n mld_sendpack+0x18f/0x250\n mld_ifc_work+0x39/0x160\n process_one_work+0x1e6/0x3f0\n worker_thread+0x4d/0x2f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n\n[1]\n$ teamd -t team0 -d -c \u0027{\"runner\": {\"name\": \"loadbalance\"}}\u0027\n$ ip link add name t-dummy type dummy\n$ ip link add link t-dummy name t-dummy.100 type vlan id 100\n$ ip link add name t-nlmon type nlmon\n$ ip link set t-nlmon master team0\n$ ip link set t-nlmon nomaster\n$ ip link set t-dummy up\n$ ip link set team0 up\n$ ip link set t-dummy.100 down\n$ ip link set t-dummy.100 master team0\n\nWhen enslave a vlan device to team device and team device type is changed\nfrom non-ether to ether, header_ops of team device is changed to\nvlan_header_ops. That is incorrect and will trigger null-ptr-deref\nfor vlan-\u003ereal_dev in vlan_dev_hard_header() because team device is not\na vlan device.\n\nCache eth_header_ops in team_setup(), then assign cached header_ops to\nheader_ops of team net device when its type is changed from non-ether\nto ether to fix the bug.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52574", "url": "https://www.suse.com/security/cve/CVE-2023-52574" }, { "category": "external", "summary": "SUSE Bug 1220870 for CVE-2023-52574", "url": "https://bugzilla.suse.com/1220870" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52574" }, { "cve": "CVE-2023-52597", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52597" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. 
There is another test right before\nthe SIE context is entered which will handle invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52597", "url": "https://www.suse.com/security/cve/CVE-2023-52597" }, { "category": "external", "summary": "SUSE Bug 1221040 for CVE-2023-52597", "url": "https://bugzilla.suse.com/1221040" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52597" }, { "cve": "CVE-2023-52605", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52605" } ], "notes": [ { "category": "general", "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52605", "url": "https://www.suse.com/security/cve/CVE-2023-52605" }, { "category": "external", "summary": "SUSE Bug 1221039 for CVE-2023-52605", "url": "https://bugzilla.suse.com/1221039" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise 
Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-52605" }, { "cve": "CVE-2023-6817", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-6817" } ], "notes": [ { "category": "general", "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-6817", "url": "https://www.suse.com/security/cve/CVE-2023-6817" }, { "category": "external", "summary": "SUSE Bug 1218195 for CVE-2023-6817", "url": "https://bugzilla.suse.com/1218195" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2023-6817" }, { "cve": "CVE-2024-0340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-0340" } ], "notes": [ { "category": "general", "text": "A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. 
This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-0340", "url": "https://www.suse.com/security/cve/CVE-2024-0340" }, { "category": "external", "summary": "SUSE Bug 1218689 for CVE-2024-0340", "url": "https://bugzilla.suse.com/1218689" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "low" } ], "title": "CVE-2024-0340" }, { "cve": "CVE-2024-0607", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-0607" } ], 
"notes": [ { "category": "general", "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-0607", "url": "https://www.suse.com/security/cve/CVE-2024-0607" }, { "category": "external", "summary": "SUSE Bug 1218915 for CVE-2024-0607", "url": "https://bugzilla.suse.com/1218915" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 
5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-0607" }, { "cve": "CVE-2024-1151", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-1151" } ], "notes": [ { "category": "general", "text": "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-1151", "url": "https://www.suse.com/security/cve/CVE-2024-1151" }, { "category": "external", "summary": "SUSE Bug 1219835 for CVE-2024-1151", "url": "https://bugzilla.suse.com/1219835" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-1151" }, { "cve": "CVE-2024-23849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-23849" } ], "notes": [ { "category": "general", "text": "In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-23849", "url": "https://www.suse.com/security/cve/CVE-2024-23849" }, { "category": "external", "summary": "SUSE Bug 1219127 for CVE-2024-23849", "url": "https://bugzilla.suse.com/1219127" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-23849" }, { "cve": "CVE-2024-23851", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-23851" } ], "notes": [ { "category": "general", "text": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel-\u003edata_size check. 
This is related to ctl_ioctl.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-23851", "url": "https://www.suse.com/security/cve/CVE-2024-23851" }, { "category": "external", "summary": "SUSE Bug 1219146 for CVE-2024-23851", "url": "https://bugzilla.suse.com/1219146" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-23851" }, { "cve": "CVE-2024-26585", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26585" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following 
vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it\u0027s\nthe inverse order of what the submitting thread will do.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26585", "url": "https://www.suse.com/security/cve/CVE-2024-26585" }, { "category": "external", "summary": "SUSE Bug 1220187 for CVE-2024-26585", "url": "https://bugzilla.suse.com/1220187" }, { "category": "external", "summary": "SUSE Bug 1220211 for CVE-2024-26585", "url": "https://bugzilla.suse.com/1220211" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2024-26585", "url": "https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2024-26585", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "important" } ], "title": "CVE-2024-26585" }, { "cve": "CVE-2024-26586", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26586" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix stack corruption\n\nWhen tc filters are first added to a net device, the corresponding local\nport gets bound to an ACL group in the device. The group contains a list\nof ACLs. In turn, each ACL points to a different TCAM region where the\nfilters are stored. During forwarding, the ACLs are sequentially\nevaluated until a match is found.\n\nOne reason to place filters in different regions is when they are added\nwith decreasing priorities and in an alternating order so that two\nconsecutive filters can never fit in the same region because of their\nkey usage.\n\nIn Spectrum-2 and newer ASICs the firmware started to report that the\nmaximum number of ACLs in a group is more than 16, but the layout of the\nregister that configures ACL groups (PAGT) was not updated to account\nfor that. 
It is therefore possible to hit stack corruption [1] in the\nrare case where more than 16 ACLs in a group are required.\n\nFix by limiting the maximum ACL group size to the minimum between what\nthe firmware reports and the maximum ACLs that fit in the PAGT register.\n\nAdd a test case to make sure the machine does not crash when this\ncondition is hit.\n\n[1]\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120\n[...]\n dump_stack_lvl+0x36/0x50\n panic+0x305/0x330\n __stack_chk_fail+0x15/0x20\n mlxsw_sp_acl_tcam_group_update+0x116/0x120\n mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110\n mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26586", "url": "https://www.suse.com/security/cve/CVE-2024-26586" }, { "category": "external", "summary": "SUSE Bug 1220243 for CVE-2024-26586", "url": "https://bugzilla.suse.com/1220243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-26586" }, { "cve": "CVE-2024-26589", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26589" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject variable offset alu on PTR_TO_FLOW_KEYS\n\nFor PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off\nfor validation. However, variable offset ptr alu is not prohibited\nfor this ptr kind. 
So the variable offset is not checked.\n\nThe following prog is accepted:\n\n func#0 @0\n 0: R1=ctx() R10=fp0\n 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx()\n 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys()\n 2: (b7) r8 = 1024 ; R8_w=1024\n 3: (37) r8 /= 1 ; R8_w=scalar()\n 4: (57) r8 \u0026= 1024 ; R8_w=scalar(smin=smin32=0,\n smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400))\n 5: (0f) r7 += r8\n mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1\n mark_precise: frame0: regs=r8 stack= before 4: (57) r8 \u0026= 1024\n mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1\n mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024\n 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off\n =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024,\n var_off=(0x0; 0x400))\n 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar()\n 7: (95) exit\n\nThis prog loads flow_keys to r7, and adds the variable offset r8\nto r7, and finally causes out-of-bounds access:\n\n BUG: unable to handle page fault for address: ffffc90014c80038\n [...]\n Call Trace:\n \u003cTASK\u003e\n bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline]\n __bpf_prog_run include/linux/filter.h:651 [inline]\n bpf_prog_run include/linux/filter.h:658 [inline]\n bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline]\n bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991\n bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359\n bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline]\n __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475\n __do_sys_bpf kernel/bpf/syscall.c:5561 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5559 [inline]\n __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFix this by rejecting ptr alu with variable offset on flow_keys.\nApplying the patch rejects the program with 
\"R7 pointer arithmetic\non flow_keys prohibited\".", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26589", "url": "https://www.suse.com/security/cve/CVE-2024-26589" }, { "category": "external", "summary": "SUSE Bug 1220255 for CVE-2024-26589", "url": "https://bugzilla.suse.com/1220255" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-26589" }, { "cve": "CVE-2024-26593", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26593" } ], "notes": [ { "category": "general", "text": "In the Linux 
kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26593", "url": "https://www.suse.com/security/cve/CVE-2024-26593" }, { "category": "external", "summary": "SUSE Bug 1220009 for CVE-2024-26593", "url": "https://bugzilla.suse.com/1220009" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 
5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-26593" }, { "cve": "CVE-2024-26595", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26595" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\n\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon \u0027region-\u003egroup-\u003etcam\u0027 [1].\n\nFix by retrieving the \u0027tcam\u0027 pointer using mlxsw_sp_acl_to_tcam().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": 
"CVE-2024-26595", "url": "https://www.suse.com/security/cve/CVE-2024-26595" }, { "category": "external", "summary": "SUSE Bug 1220344 for CVE-2024-26595", "url": "https://bugzilla.suse.com/1220344" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-26595" }, { "cve": "CVE-2024-26602", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26602" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/membarrier: reduce the ability to hammer on sys_membarrier\n\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything. 
So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26602", "url": "https://www.suse.com/security/cve/CVE-2024-26602" }, { "category": "external", "summary": "SUSE Bug 1220398 for CVE-2024-26602", "url": "https://bugzilla.suse.com/1220398" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-26602" }, { "cve": "CVE-2024-26607", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2024-26607" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: sii902x: Fix probing race issue\n\nA null pointer dereference crash has been observed rarely on TI\nplatforms using sii9022 bridge:\n\n[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]\n[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]\n[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]\n[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]\n[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]\n[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]\n[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]\n[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]\n[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]\n[ 53.326401] drm_client_register+0x5c/0xa0 [drm]\n[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]\n[ 53.336881] tidss_probe+0x128/0x264 [tidss]\n[ 53.341174] platform_probe+0x68/0xc4\n[ 53.344841] really_probe+0x188/0x3c4\n[ 53.348501] __driver_probe_device+0x7c/0x16c\n[ 53.352854] driver_probe_device+0x3c/0x10c\n[ 53.357033] __device_attach_driver+0xbc/0x158\n[ 53.361472] bus_for_each_drv+0x88/0xe8\n[ 53.365303] __device_attach+0xa0/0x1b4\n[ 53.369135] device_initial_probe+0x14/0x20\n[ 53.373314] bus_probe_device+0xb0/0xb4\n[ 53.377145] deferred_probe_work_func+0xcc/0x124\n[ 53.381757] process_one_work+0x1f0/0x518\n[ 53.385770] worker_thread+0x1e8/0x3dc\n[ 53.389519] kthread+0x11c/0x120\n[ 53.392750] ret_from_fork+0x10/0x20\n\nThe issue here is as follows:\n\n- tidss probes, but is deferred as sii902x is still missing.\n- sii902x starts probing and enters sii902x_init().\n- sii902x calls drm_bridge_add(). 
Now the sii902x bridge is ready from\n DRM\u0027s perspective.\n- sii902x calls sii902x_audio_codec_init() and\n platform_device_register_data()\n- The registration of the audio platform device causes probing of the\n deferred devices.\n- tidss probes, which eventually causes sii902x_bridge_get_edid() to be\n called.\n- sii902x_bridge_get_edid() tries to use the i2c to read the edid.\n However, the sii902x driver has not set up the i2c part yet, leading\n to the crash.\n\nFix this by moving the drm_bridge_add() to the end of the\nsii902x_init(), which is also at the very end of sii902x_probe().", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26607", "url": "https://www.suse.com/security/cve/CVE-2024-26607" }, { "category": "external", "summary": "SUSE Bug 1220736 for CVE-2024-26607", "url": "https://bugzilla.suse.com/1220736" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE 
Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "moderate" } ], "title": "CVE-2024-26607" }, { "cve": "CVE-2024-26622", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-26622" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-26622", "url": "https://www.suse.com/security/cve/CVE-2024-26622" }, { "category": "external", "summary": "SUSE Bug 1220825 for CVE-2024-26622", "url": "https://bugzilla.suse.com/1220825" }, { "category": "external", "summary": "SUSE Bug 1220828 for CVE-2024-26622", "url": "https://bugzilla.suse.com/1220828" }, { "category": "external", "summary": "SUSE Bug 1224298 for CVE-2024-26622", "url": "https://bugzilla.suse.com/1224298" }, { "category": "external", "summary": "SUSE Bug 1224878 for CVE-2024-26622", "url": "https://bugzilla.suse.com/1224878" } ], "remediations": [ { "category": "vendor_fix", "details": "To install 
this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.161.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.161.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.161.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-03-13T00:04:28Z", "details": "important" } ], "title": "CVE-2024-26622" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.