suse-su-2024:1320-1
Vulnerability from csaf_suse
Published
2024-04-16 16:04
Modified
2024-04-16 16:04
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- group-source-files.pl: Quote filenames (boo#1221077).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
Patchnames
SUSE-2024-1320,SUSE-SLE-Micro-5.3-2024-1320,SUSE-SLE-Micro-5.4-2024-1320,openSUSE-Leap-Micro-5.3-2024-1320,openSUSE-Leap-Micro-5.4-2024-1320
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).\n- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).\n- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).\n- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).\n- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).\n- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).\n- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).\n- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).\n- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).\n- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).\n- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).\n- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).\n- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).\n- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).\n- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).\n- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).\n- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).\n- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).\n- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).\n- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).\n- CVE-2021-47102: Fixed incorrect structure access In line: upper = info-\u003eupper_dev in net/marvell/prestera (bsc#1221009).\n- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).\n- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).\n- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).\n- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).\n- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).\n- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).\n- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).\n- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).\n- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).\n- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).\n- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).\n- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).\n- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).\n- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).\n- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).\n- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).\n- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).\n- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).\n- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).\n- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).\n- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).\n- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).\n- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).\n- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).\n- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).\n- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).\n- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).\n- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).\n- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).\n- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).\n- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).\n- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).\n- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).\n- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).\n- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).\n- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).\n- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).\n- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).\n- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).\n- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).\n- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).\n- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).\n- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).\n- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).\n- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).\n- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)\n- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).\n- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).\n- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).\n\nThe following non-security bugs were fixed:\n\n- doc/README.SUSE: Update information about module support status (jsc#PED-5759)\n- group-source-files.pl: Quote filenames (boo#1221077).\n- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1320,SUSE-SLE-Micro-5.3-2024-1320,SUSE-SLE-Micro-5.4-2024-1320,openSUSE-Leap-Micro-5.3-2024-1320,openSUSE-Leap-Micro-5.4-2024-1320",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1320-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1320-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1320-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035000.html"
},
{
"category": "self",
"summary": "SUSE Bug 1212514",
"url": "https://bugzilla.suse.com/1212514"
},
{
"category": "self",
"summary": "SUSE Bug 1220237",
"url": "https://bugzilla.suse.com/1220237"
},
{
"category": "self",
"summary": "SUSE Bug 1220320",
"url": "https://bugzilla.suse.com/1220320"
},
{
"category": "self",
"summary": "SUSE Bug 1220340",
"url": "https://bugzilla.suse.com/1220340"
},
{
"category": "self",
"summary": "SUSE Bug 1220366",
"url": "https://bugzilla.suse.com/1220366"
},
{
"category": "self",
"summary": "SUSE Bug 1220411",
"url": "https://bugzilla.suse.com/1220411"
},
{
"category": "self",
"summary": "SUSE Bug 1220413",
"url": "https://bugzilla.suse.com/1220413"
},
{
"category": "self",
"summary": "SUSE Bug 1220439",
"url": "https://bugzilla.suse.com/1220439"
},
{
"category": "self",
"summary": "SUSE Bug 1220443",
"url": "https://bugzilla.suse.com/1220443"
},
{
"category": "self",
"summary": "SUSE Bug 1220445",
"url": "https://bugzilla.suse.com/1220445"
},
{
"category": "self",
"summary": "SUSE Bug 1220466",
"url": "https://bugzilla.suse.com/1220466"
},
{
"category": "self",
"summary": "SUSE Bug 1220478",
"url": "https://bugzilla.suse.com/1220478"
},
{
"category": "self",
"summary": "SUSE Bug 1220482",
"url": "https://bugzilla.suse.com/1220482"
},
{
"category": "self",
"summary": "SUSE Bug 1220484",
"url": "https://bugzilla.suse.com/1220484"
},
{
"category": "self",
"summary": "SUSE Bug 1220486",
"url": "https://bugzilla.suse.com/1220486"
},
{
"category": "self",
"summary": "SUSE Bug 1220487",
"url": "https://bugzilla.suse.com/1220487"
},
{
"category": "self",
"summary": "SUSE Bug 1220790",
"url": "https://bugzilla.suse.com/1220790"
},
{
"category": "self",
"summary": "SUSE Bug 1220831",
"url": "https://bugzilla.suse.com/1220831"
},
{
"category": "self",
"summary": "SUSE Bug 1220833",
"url": "https://bugzilla.suse.com/1220833"
},
{
"category": "self",
"summary": "SUSE Bug 1220836",
"url": "https://bugzilla.suse.com/1220836"
},
{
"category": "self",
"summary": "SUSE Bug 1220839",
"url": "https://bugzilla.suse.com/1220839"
},
{
"category": "self",
"summary": "SUSE Bug 1220840",
"url": "https://bugzilla.suse.com/1220840"
},
{
"category": "self",
"summary": "SUSE Bug 1220843",
"url": "https://bugzilla.suse.com/1220843"
},
{
"category": "self",
"summary": "SUSE Bug 1220870",
"url": "https://bugzilla.suse.com/1220870"
},
{
"category": "self",
"summary": "SUSE Bug 1220871",
"url": "https://bugzilla.suse.com/1220871"
},
{
"category": "self",
"summary": "SUSE Bug 1220872",
"url": "https://bugzilla.suse.com/1220872"
},
{
"category": "self",
"summary": "SUSE Bug 1220878",
"url": "https://bugzilla.suse.com/1220878"
},
{
"category": "self",
"summary": "SUSE Bug 1220879",
"url": "https://bugzilla.suse.com/1220879"
},
{
"category": "self",
"summary": "SUSE Bug 1220885",
"url": "https://bugzilla.suse.com/1220885"
},
{
"category": "self",
"summary": "SUSE Bug 1220898",
"url": "https://bugzilla.suse.com/1220898"
},
{
"category": "self",
"summary": "SUSE Bug 1220918",
"url": "https://bugzilla.suse.com/1220918"
},
{
"category": "self",
"summary": "SUSE Bug 1220920",
"url": "https://bugzilla.suse.com/1220920"
},
{
"category": "self",
"summary": "SUSE Bug 1220921",
"url": "https://bugzilla.suse.com/1220921"
},
{
"category": "self",
"summary": "SUSE Bug 1220926",
"url": "https://bugzilla.suse.com/1220926"
},
{
"category": "self",
"summary": "SUSE Bug 1220927",
"url": "https://bugzilla.suse.com/1220927"
},
{
"category": "self",
"summary": "SUSE Bug 1220929",
"url": "https://bugzilla.suse.com/1220929"
},
{
"category": "self",
"summary": "SUSE Bug 1220932",
"url": "https://bugzilla.suse.com/1220932"
},
{
"category": "self",
"summary": "SUSE Bug 1220938",
"url": "https://bugzilla.suse.com/1220938"
},
{
"category": "self",
"summary": "SUSE Bug 1220940",
"url": "https://bugzilla.suse.com/1220940"
},
{
"category": "self",
"summary": "SUSE Bug 1220954",
"url": "https://bugzilla.suse.com/1220954"
},
{
"category": "self",
"summary": "SUSE Bug 1220955",
"url": "https://bugzilla.suse.com/1220955"
},
{
"category": "self",
"summary": "SUSE Bug 1220959",
"url": "https://bugzilla.suse.com/1220959"
},
{
"category": "self",
"summary": "SUSE Bug 1220960",
"url": "https://bugzilla.suse.com/1220960"
},
{
"category": "self",
"summary": "SUSE Bug 1220961",
"url": "https://bugzilla.suse.com/1220961"
},
{
"category": "self",
"summary": "SUSE Bug 1220965",
"url": "https://bugzilla.suse.com/1220965"
},
{
"category": "self",
"summary": "SUSE Bug 1220969",
"url": "https://bugzilla.suse.com/1220969"
},
{
"category": "self",
"summary": "SUSE Bug 1220978",
"url": "https://bugzilla.suse.com/1220978"
},
{
"category": "self",
"summary": "SUSE Bug 1220979",
"url": "https://bugzilla.suse.com/1220979"
},
{
"category": "self",
"summary": "SUSE Bug 1220981",
"url": "https://bugzilla.suse.com/1220981"
},
{
"category": "self",
"summary": "SUSE Bug 1220982",
"url": "https://bugzilla.suse.com/1220982"
},
{
"category": "self",
"summary": "SUSE Bug 1220983",
"url": "https://bugzilla.suse.com/1220983"
},
{
"category": "self",
"summary": "SUSE Bug 1220985",
"url": "https://bugzilla.suse.com/1220985"
},
{
"category": "self",
"summary": "SUSE Bug 1220986",
"url": "https://bugzilla.suse.com/1220986"
},
{
"category": "self",
"summary": "SUSE Bug 1220987",
"url": "https://bugzilla.suse.com/1220987"
},
{
"category": "self",
"summary": "SUSE Bug 1220989",
"url": "https://bugzilla.suse.com/1220989"
},
{
"category": "self",
"summary": "SUSE Bug 1220990",
"url": "https://bugzilla.suse.com/1220990"
},
{
"category": "self",
"summary": "SUSE Bug 1221009",
"url": "https://bugzilla.suse.com/1221009"
},
{
"category": "self",
"summary": "SUSE Bug 1221012",
"url": "https://bugzilla.suse.com/1221012"
},
{
"category": "self",
"summary": "SUSE Bug 1221015",
"url": "https://bugzilla.suse.com/1221015"
},
{
"category": "self",
"summary": "SUSE Bug 1221022",
"url": "https://bugzilla.suse.com/1221022"
},
{
"category": "self",
"summary": "SUSE Bug 1221039",
"url": "https://bugzilla.suse.com/1221039"
},
{
"category": "self",
"summary": "SUSE Bug 1221040",
"url": "https://bugzilla.suse.com/1221040"
},
{
"category": "self",
"summary": "SUSE Bug 1221048",
"url": "https://bugzilla.suse.com/1221048"
},
{
"category": "self",
"summary": "SUSE Bug 1221055",
"url": "https://bugzilla.suse.com/1221055"
},
{
"category": "self",
"summary": "SUSE Bug 1221058",
"url": "https://bugzilla.suse.com/1221058"
},
{
"category": "self",
"summary": "SUSE Bug 1221077",
"url": "https://bugzilla.suse.com/1221077"
},
{
"category": "self",
"summary": "SUSE Bug 1221276",
"url": "https://bugzilla.suse.com/1221276"
},
{
"category": "self",
"summary": "SUSE Bug 1221551",
"url": "https://bugzilla.suse.com/1221551"
},
{
"category": "self",
"summary": "SUSE Bug 1221553",
"url": "https://bugzilla.suse.com/1221553"
},
{
"category": "self",
"summary": "SUSE Bug 1221725",
"url": "https://bugzilla.suse.com/1221725"
},
{
"category": "self",
"summary": "SUSE Bug 1222073",
"url": "https://bugzilla.suse.com/1222073"
},
{
"category": "self",
"summary": "SUSE Bug 1222619",
"url": "https://bugzilla.suse.com/1222619"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46925 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46926 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46927 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46929 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46930 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46931 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46933 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46936 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47082 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47087 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47091 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47093 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47094 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47095 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47096 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47097 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47098 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47099 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47100 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47101 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47102 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47104 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47105 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47107 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48626 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48629 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48630 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35827 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52450 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52454 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52469 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52470 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52474 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52477 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52492 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52497 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52501 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52502 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52504 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52507 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52508 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52509 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52510 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52511 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52513 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52515 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52517 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52519 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52523 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52524 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52525 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52528 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52529 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52532 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52564 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52566 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52567 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52567/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52569 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52576 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52582 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52605 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26600 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26600/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2024-04-16T16:04:08Z",
"generator": {
"date": "2024-04-16T16:04:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1320-1",
"initial_release_date": "2024-04-16T16:04:08Z",
"revision_history": [
{
"date": "2024-04-16T16:04:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.76.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.76.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.76.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.76.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.76.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.76.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.76.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.76.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.76.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.76.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.76.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.76.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.76.1.x86_64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.76.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix kernel panic caused by race of smc_sock\n\nA crash occurs when smc_cdc_tx_handler() tries to access smc_sock\nbut smc_release() has already freed it.\n\n[ 4570.695099] BUG: unable to handle page fault for address: 000000002eae9e88\n[ 4570.696048] #PF: supervisor write access in kernel mode\n[ 4570.696728] #PF: error_code(0x0002) - not-present page\n[ 4570.697401] PGD 0 P4D 0\n[ 4570.697716] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 4570.698228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc4+ #111\n[ 4570.699013] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8c24b4c 04/0\n[ 4570.699933] RIP: 0010:_raw_spin_lock+0x1a/0x30\n\u003c...\u003e\n[ 4570.711446] Call Trace:\n[ 4570.711746] \u003cIRQ\u003e\n[ 4570.711992] smc_cdc_tx_handler+0x41/0xc0\n[ 4570.712470] smc_wr_tx_tasklet_fn+0x213/0x560\n[ 4570.712981] ? smc_cdc_tx_dismisser+0x10/0x10\n[ 4570.713489] tasklet_action_common.isra.17+0x66/0x140\n[ 4570.714083] __do_softirq+0x123/0x2f4\n[ 4570.714521] irq_exit_rcu+0xc4/0xf0\n[ 4570.714934] common_interrupt+0xba/0xe0\n\nThough smc_cdc_tx_handler() checked the existence of smc connection,\nsmc_release() may have already dismissed and released the smc socket\nbefore smc_cdc_tx_handler() further visits it.\n\nsmc_cdc_tx_handler() |smc_release()\nif (!conn) |\n |\n |smc_cdc_tx_dismiss_slots()\n | smc_cdc_tx_dismisser()\n |\n |sock_put(\u0026smc-\u003esk) \u003c- last sock_put,\n | smc_sock freed\nbh_lock_sock(\u0026smc-\u003esk) (panic) |\n\nTo make sure we won\u0027t receive any CDC messages after we free the\nsmc_sock, add a refcount on the smc_connection for inflight CDC\nmessage(posted to the QP but haven\u0027t received related CQE), and\ndon\u0027t release the smc_connection until all the inflight CDC messages\nhaven been done, for both success or failed ones.\n\nUsing refcount on CDC messages brings another problem: when the link\nis going to be destroyed, smcr_link_clear() will reset the QP, which\nthen remove all the pending CQEs related to the QP in the CQ. To make\nsure all the CQEs will always come back so the refcount on the\nsmc_connection can always reach 0, smc_ib_modify_qp_reset() was replaced\nby smc_ib_modify_qp_error().\nAnd remove the timeout in smc_wr_tx_wait_no_pending_sends() since we\nneed to wait for all pending WQEs done, or we may encounter use-after-\nfree when handling CQEs.\n\nFor IB device removal routine, we need to wait for all the QPs on that\ndevice been destroyed before we can destroy CQs on the device, or\nthe refcount on smc_connection won\u0027t reach 0 and smc_sock cannot be\nreleased.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46925",
"url": "https://www.suse.com/security/cve/CVE-2021-46925"
},
{
"category": "external",
"summary": "SUSE Bug 1220466 for CVE-2021-46925",
"url": "https://bugzilla.suse.com/1220466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-46925"
},
{
"cve": "CVE-2021-46926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: harden detection of controller\n\nThe existing code currently sets a pointer to an ACPI handle before\nchecking that it\u0027s actually a SoundWire controller. This can lead to\nissues where the graph walk continues and eventually fails, but the\npointer was set already.\n\nThis patch changes the logic so that the information provided to\nthe caller is set when a controller is found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46926",
"url": "https://www.suse.com/security/cve/CVE-2021-46926"
},
{
"category": "external",
"summary": "SUSE Bug 1220478 for CVE-2021-46926",
"url": "https://bugzilla.suse.com/1220478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "low"
}
],
"title": "CVE-2021-46926"
},
{
"cve": "CVE-2021-46927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\n\nAfter commit 5b78ed24e8ec (\"mm/pagemap: add mmap_assert_locked()\nannotations to find_vma*()\"), the call to get_user_pages() will trigger\nthe mmap assert.\n\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\n{\n\tlockdep_assert_held(\u0026mm-\u003emmap_lock);\n\tVM_BUG_ON_MM(!rwsem_is_locked(\u0026mm-\u003emmap_lock), mm);\n}\n\n[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!\n...........................................................\n[ 62.538938] RIP: 0010:find_vma+0x32/0x80\n...........................................................\n[ 62.605889] Call Trace:\n[ 62.608502] \u003cTASK\u003e\n[ 62.610956] ? lock_timer_base+0x61/0x80\n[ 62.614106] find_extend_vma+0x19/0x80\n[ 62.617195] __get_user_pages+0x9b/0x6a0\n[ 62.620356] __gup_longterm_locked+0x42d/0x450\n[ 62.623721] ? finish_wait+0x41/0x80\n[ 62.626748] ? __kmalloc+0x178/0x2f0\n[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\n[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\n[ 62.639541] __x64_sys_ioctl+0x82/0xb0\n[ 62.642620] do_syscall_64+0x3b/0x90\n[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUse get_user_pages_unlocked() when setting the enclave memory regions.\nThat\u0027s a similar pattern as mmap_read_lock() used together with\nget_user_pages().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46927",
"url": "https://www.suse.com/security/cve/CVE-2021-46927"
},
{
"category": "external",
"summary": "SUSE Bug 1220443 for CVE-2021-46927",
"url": "https://bugzilla.suse.com/1220443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-46927"
},
{
"cve": "CVE-2021-46929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: use call_rcu to free endpoint\n\nThis patch is to delay the endpoint free by calling call_rcu() to fix\nanother use-after-free issue in sctp_sock_dump():\n\n BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20\n Call Trace:\n __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218\n lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]\n _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168\n spin_lock_bh include/linux/spinlock.h:334 [inline]\n __lock_sock+0x203/0x350 net/core/sock.c:2253\n lock_sock_nested+0xfe/0x120 net/core/sock.c:2774\n lock_sock include/net/sock.h:1492 [inline]\n sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324\n sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c:5091\n sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527\n __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049\n inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065\n netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244\n __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352\n netlink_dump_start include/linux/netlink.h:216 [inline]\n inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170\n __sock_diag_cmd net/core/sock_diag.c:232 [inline]\n sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263\n netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274\n\nThis issue occurs when asoc is peeled off and the old sk is freed after\ngetting it by asoc-\u003ebase.sk and before calling lock_sock(sk).\n\nTo prevent the sk free, as a holder of the sk, ep should be alive when\ncalling lock_sock(). This patch uses call_rcu() and moves sock_put and\nep free into sctp_endpoint_destroy_rcu(), so that it\u0027s safe to try to\nhold the ep under rcu_read_lock in sctp_transport_traverse_process().\n\nIf sctp_endpoint_hold() returns true, it means this ep is still alive\nand we have held it and can continue to dump it; If it returns false,\nit means this ep is dead and can be freed after rcu_read_unlock, and\nwe should skip it.\n\nIn sctp_sock_dump(), after locking the sk, if this ep is different from\ntsp-\u003easoc-\u003eep, it means during this dumping, this asoc was peeled off\nbefore calling lock_sock(), and the sk should be skipped; If this ep is\nthe same with tsp-\u003easoc-\u003eep, it means no peeloff happens on this asoc,\nand due to lock_sock, no peeloff will happen either until release_sock.\n\nNote that delaying endpoint free won\u0027t delay the port release, as the\nport release happens in sctp_endpoint_destroy() before calling call_rcu().\nAlso, freeing endpoint by call_rcu() makes it safe to access the sk by\nasoc-\u003ebase.sk in sctp_assocs_seq_show() and sctp_rcv().\n\nThanks Jones to bring this issue up.\n\nv1-\u003ev2:\n - improve the changelog.\n - add kfree(ep) into sctp_endpoint_destroy_rcu(), as Jakub noticed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46929",
"url": "https://www.suse.com/security/cve/CVE-2021-46929"
},
{
"category": "external",
"summary": "SUSE Bug 1220482 for CVE-2021-46929",
"url": "https://bugzilla.suse.com/1220482"
},
{
"category": "external",
"summary": "SUSE Bug 1222400 for CVE-2021-46929",
"url": "https://bugzilla.suse.com/1222400"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2021-46929",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2021-46929",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "important"
}
],
"title": "CVE-2021-46929"
},
{
"cve": "CVE-2021-46930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: mtu3: fix list_head check warning\n\nThis is caused by uninitialization of list_head.\n\nBUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4\n\nCall trace:\ndump_backtrace+0x0/0x298\nshow_stack+0x24/0x34\ndump_stack+0x130/0x1a8\nprint_address_description+0x88/0x56c\n__kasan_report+0x1b8/0x2a0\nkasan_report+0x14/0x20\n__asan_load8+0x9c/0xa0\n__list_del_entry_valid+0x34/0xe4\nmtu3_req_complete+0x4c/0x300 [mtu3]\nmtu3_gadget_stop+0x168/0x448 [mtu3]\nusb_gadget_unregister_driver+0x204/0x3a0\nunregister_gadget_item+0x44/0xa4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46930",
"url": "https://www.suse.com/security/cve/CVE-2021-46930"
},
{
"category": "external",
"summary": "SUSE Bug 1220484 for CVE-2021-46930",
"url": "https://bugzilla.suse.com/1220484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-46930"
},
{
"cve": "CVE-2021-46931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Wrap the tx reporter dump callback to extract the sq\n\nFunction mlx5e_tx_reporter_dump_sq() casts its void * argument to struct\nmlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually\nof type struct mlx5e_tx_timeout_ctx *.\n\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout detected\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout on queue: 1, SQ: 0x11ec, CQ: 0x146d, SQ Cons: 0x0 SQ Prod: 0x1, usecs since last trans: 21565000\n BUG: stack guard page was hit at 0000000093f1a2de (stack is 00000000b66ea0dc..000000004d932dae)\n kernel stack overflow (page fault): 0000 [#1] SMP NOPTI\n CPU: 5 PID: 95 Comm: kworker/u20:1 Tainted: G W OE 5.13.0_mlnx #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e mlx5e_tx_timeout_work [mlx5_core]\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n [mlx5_core]\n Call Trace:\n mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core]\n devlink_health_do_dump.part.91+0x71/0xd0\n devlink_health_report+0x157/0x1b0\n mlx5e_reporter_tx_timeout+0xb9/0xf0 [mlx5_core]\n ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0\n [mlx5_core]\n ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core]\n ? update_load_avg+0x19b/0x550\n ? set_next_entity+0x72/0x80\n ? pick_next_task_fair+0x227/0x340\n ? finish_task_switch+0xa2/0x280\n mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core]\n process_one_work+0x1de/0x3a0\n worker_thread+0x2d/0x3c0\n ? process_one_work+0x3a0/0x3a0\n kthread+0x115/0x130\n ? kthread_park+0x90/0x90\n ret_from_fork+0x1f/0x30\n --[ end trace 51ccabea504edaff ]---\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: disabled\n end Kernel panic - not syncing: Fatal exception\n\nTo fix this bug add a wrapper for mlx5e_tx_reporter_dump_sq() which\nextracts the sq from struct mlx5e_tx_timeout_ctx and set it as the\nTX-timeout-recovery flow dump callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46931",
"url": "https://www.suse.com/security/cve/CVE-2021-46931"
},
{
"category": "external",
"summary": "SUSE Bug 1220486 for CVE-2021-46931",
"url": "https://bugzilla.suse.com/1220486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-46931"
},
{
"cve": "CVE-2021-46933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.\n\nffs_data_clear is indirectly called from both ffs_fs_kill_sb and\nffs_ep0_release, so it ends up being called twice when userland closes ep0\nand then unmounts f_fs.\nIf userland provided an eventfd along with function\u0027s USB descriptors, it\nends up calling eventfd_ctx_put as many times, causing a refcount\nunderflow.\nNULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls.\n\nAlso, set epfiles to NULL right after de-allocating it, for readability.\n\nFor completeness, ffs_data_clear actually ends up being called thrice, the\nlast call being before the whole ffs structure gets freed, so when this\nspecific sequence happens there is a second underflow happening (but not\nbeing reported):\n\n/sys/kernel/debug/tracing# modprobe usb_f_fs\n/sys/kernel/debug/tracing# echo ffs_data_clear \u003e set_ftrace_filter\n/sys/kernel/debug/tracing# echo function \u003e current_tracer\n/sys/kernel/debug/tracing# echo 1 \u003e tracing_on\n(setup gadget, run and kill function userland process, teardown gadget)\n/sys/kernel/debug/tracing# echo 0 \u003e tracing_on\n/sys/kernel/debug/tracing# cat trace\n smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear \u003c-ffs_data_closed\n smartcard-openp-431 [000] ..... 1946.279147: ffs_data_clear \u003c-ffs_data_closed\n smartcard-openp-431 [000] .n... 1946.905512: ffs_data_clear \u003c-ffs_data_put\n\nWarning output corresponding to above trace:\n[ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c\n[ 1946.293094] refcount_t: underflow; use-after-free.\n[ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E)\n[ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G C OE 5.15.0-1-rpi #1 Debian 5.15.3-1\n[ 1946.417950] Hardware name: BCM2835\n[ 1946.425442] Backtrace:\n[ 1946.432048] [\u003cc08d60a0\u003e] (dump_backtrace) from [\u003cc08d62ec\u003e] (show_stack+0x20/0x24)\n[ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c\n[ 1946.458412] [\u003cc08d62cc\u003e] (show_stack) from [\u003cc08d9ae0\u003e] (dump_stack+0x28/0x30)\n[ 1946.470380] [\u003cc08d9ab8\u003e] (dump_stack) from [\u003cc0123500\u003e] (__warn+0xe8/0x154)\n[ 1946.482067] r5:c04a948c r4:c0a71dc8\n[ 1946.490184] [\u003cc0123418\u003e] (__warn) from [\u003cc08d6948\u003e] (warn_slowpath_fmt+0xa0/0xe4)\n[ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04\n[ 1946.517070] [\u003cc08d68ac\u003e] (warn_slowpath_fmt) from [\u003cc04a948c\u003e] (refcount_warn_saturate+0x110/0x15c)\n[ 1946.535309] r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0\n[ 1946.546708] [\u003cc04a937c\u003e] (refcount_warn_saturate) from [\u003cc0380134\u003e] (eventfd_ctx_put+0x48/0x74)\n[ 1946.564476] [\u003cc03800ec\u003e] (eventfd_ctx_put) from [\u003cbf5464e8\u003e] (ffs_data_clear+0xd0/0x118 [usb_f_fs])\n[ 1946.582664] r5:c3b84c00 r4:c2695b00\n[ 1946.590668] [\u003cbf546418\u003e] (ffs_data_clear [usb_f_fs]) from [\u003cbf547cc0\u003e] (ffs_data_closed+0x9c/0x150 [usb_f_fs])\n[ 1946.609608] r5:bf54d014 r4:c2695b00\n[ 1946.617522] [\u003cbf547c24\u003e] (ffs_data_closed [usb_f_fs]) from [\u003cbf547da0\u003e] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs])\n[ 1946.636217] r7:c0dfcb\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46933",
"url": "https://www.suse.com/security/cve/CVE-2021-46933"
},
{
"category": "external",
"summary": "SUSE Bug 1220487 for CVE-2021-46933",
"url": "https://bugzilla.suse.com/1220487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-46933"
},
{
"cve": "CVE-2021-46936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n BUG: unable to handle page fault for address: ffffde49a863de28\n PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n RIP: 0010:tw_timer_handler+0x20/0x40\n Call Trace:\n \u003cIRQ\u003e\n call_timer_fn+0x2b/0x120\n run_timer_softirq+0x1ef/0x450\n __do_softirq+0x10d/0x2b8\n irq_exit+0xc7/0xd0\n smp_apic_timer_interrupt+0x68/0x120\n apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46936",
"url": "https://www.suse.com/security/cve/CVE-2021-46936"
},
{
"category": "external",
"summary": "SUSE Bug 1220439 for CVE-2021-46936",
"url": "https://bugzilla.suse.com/1220439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-46936"
},
{
"cve": "CVE-2021-47082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: avoid double free in tun_free_netdev\n\nAvoid double free in tun_free_netdev() by moving the\ndev-\u003etstats and tun-\u003esecurity allocs to a new ndo_init routine\n(tun_net_init()) that will be called by register_netdevice().\nndo_init is paired with the desctructor (tun_free_netdev()),\nso if there\u0027s an error in register_netdevice() the destructor\nwill handle the frees.\n\nBUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\n\nCPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1\nHardware name: Red Hat KVM, BIOS\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\nprint_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247\nkasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372\n____kasan_slab_free mm/kasan/common.c:346 [inline]\n__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374\nkasan_slab_free include/linux/kasan.h:235 [inline]\nslab_free_hook mm/slub.c:1723 [inline]\nslab_free_freelist_hook mm/slub.c:1749 [inline]\nslab_free mm/slub.c:3513 [inline]\nkfree+0xac/0x2d0 mm/slub.c:4561\nselinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\nsecurity_tun_dev_free_security+0x4f/0x90 security/security.c:2342\ntun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215\nnetdev_run_todo+0x4df/0x840 net/core/dev.c:10627\nrtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112\n__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302\ntun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:874 [inline]\n__se_sys_ioctl fs/ioctl.c:860 [inline]\n__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47082",
"url": "https://www.suse.com/security/cve/CVE-2021-47082"
},
{
"category": "external",
"summary": "SUSE Bug 1220969 for CVE-2021-47082",
"url": "https://bugzilla.suse.com/1220969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47082"
},
{
"cve": "CVE-2021-47087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix incorrect page free bug\n\nPointer to the allocated pages (struct page *page) has already\nprogressed towards the end of allocation. It is incorrect to perform\n__free_pages(page, order) using this pointer as we would free any\narbitrary pages. Fix this by stop modifying the page pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47087",
"url": "https://www.suse.com/security/cve/CVE-2021-47087"
},
{
"category": "external",
"summary": "SUSE Bug 1220954 for CVE-2021-47087",
"url": "https://bugzilla.suse.com/1220954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47087"
},
{
"cve": "CVE-2021-47091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix locking in ieee80211_start_ap error path\n\nWe need to hold the local-\u003emtx to release the channel context,\nas even encoded by the lockdep_assert_held() there. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47091",
"url": "https://www.suse.com/security/cve/CVE-2021-47091"
},
{
"category": "external",
"summary": "SUSE Bug 1220959 for CVE-2021-47091",
"url": "https://bugzilla.suse.com/1220959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47091"
},
{
"cve": "CVE-2021-47093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel_pmc_core: fix memleak on registration failure\n\nIn case device registration fails during module initialisation, the\nplatform device structure needs to be freed using platform_device_put()\nto properly free all resources (e.g. the device name).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47093",
"url": "https://www.suse.com/security/cve/CVE-2021-47093"
},
{
"category": "external",
"summary": "SUSE Bug 1220978 for CVE-2021-47093",
"url": "https://bugzilla.suse.com/1220978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47093"
},
{
"cve": "CVE-2021-47094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Don\u0027t advance iterator after restart due to yielding\n\nAfter dropping mmu_lock in the TDP MMU, restart the iterator during\ntdp_iter_next() and do not advance the iterator. Advancing the iterator\nresults in skipping the top-level SPTE and all its children, which is\nfatal if any of the skipped SPTEs were not visited before yielding.\n\nWhen zapping all SPTEs, i.e. when min_level == root_level, restarting the\niter and then invoking tdp_iter_next() is always fatal if the current gfn\nhas as a valid SPTE, as advancing the iterator results in try_step_side()\nskipping the current gfn, which wasn\u0027t visited before yielding.\n\nSprinkle WARNs on iter-\u003eyielded being true in various helpers that are\noften used in conjunction with yielding, and tag the helper with\n__must_check to reduce the probabily of improper usage.\n\nFailing to zap a top-level SPTE manifests in one of two ways. If a valid\nSPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(),\nthe shadow page will be leaked and KVM will WARN accordingly.\n\n WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm]\n RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm]\n Call Trace:\n \u003cTASK\u003e\n kvm_arch_destroy_vm+0x130/0x1b0 [kvm]\n kvm_destroy_vm+0x162/0x2a0 [kvm]\n kvm_vcpu_release+0x34/0x60 [kvm]\n __fput+0x82/0x240\n task_work_run+0x5c/0x90\n do_exit+0x364/0xa10\n ? futex_unqueue+0x38/0x60\n do_group_exit+0x33/0xa0\n get_signal+0x155/0x850\n arch_do_signal_or_restart+0xed/0x750\n exit_to_user_mode_prepare+0xc5/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIf kvm_tdp_mmu_zap_all() skips a gfn/SPTE but that SPTE is then zapped by\nkvm_tdp_mmu_put_root(), KVM triggers a use-after-free in the form of\nmarking a struct page as dirty/accessed after it has been put back on the\nfree list. This directly triggers a WARN due to encountering a page with\npage_count() == 0, but it can also lead to data corruption and additional\nerrors in the kernel.\n\n WARNING: CPU: 7 PID: 1995658 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:171\n RIP: 0010:kvm_is_zone_device_pfn.part.0+0x9e/0xd0 [kvm]\n Call Trace:\n \u003cTASK\u003e\n kvm_set_pfn_dirty+0x120/0x1d0 [kvm]\n __handle_changed_spte+0x92e/0xca0 [kvm]\n __handle_changed_spte+0x63c/0xca0 [kvm]\n __handle_changed_spte+0x63c/0xca0 [kvm]\n __handle_changed_spte+0x63c/0xca0 [kvm]\n zap_gfn_range+0x549/0x620 [kvm]\n kvm_tdp_mmu_put_root+0x1b6/0x270 [kvm]\n mmu_free_root_page+0x219/0x2c0 [kvm]\n kvm_mmu_free_roots+0x1b4/0x4e0 [kvm]\n kvm_mmu_unload+0x1c/0xa0 [kvm]\n kvm_arch_destroy_vm+0x1f2/0x5c0 [kvm]\n kvm_put_kvm+0x3b1/0x8b0 [kvm]\n kvm_vcpu_release+0x4e/0x70 [kvm]\n __fput+0x1f7/0x8c0\n task_work_run+0xf8/0x1a0\n do_exit+0x97b/0x2230\n do_group_exit+0xda/0x2a0\n get_signal+0x3be/0x1e50\n arch_do_signal_or_restart+0x244/0x17f0\n exit_to_user_mode_prepare+0xcb/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x4d/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nNote, the underlying bug existed even before commit 1af4a96025b3 (\"KVM:\nx86/mmu: Yield in TDU MMU iter even if no SPTES changed\") moved calls to\ntdp_mmu_iter_cond_resched() to the beginning of loops, as KVM could still\nincorrectly advance past a top-level entry when yielding on a lower-level\nentry. But with respect to leaking shadow pages, the bug was introduced\nby yielding before processing the current gfn.\n\nAlternatively, tdp_mmu_iter_cond_resched() could simply fall through, or\ncallers could jump to their \"retry\" label. The downside of that approach\nis that tdp_mmu_iter_cond_resched() _must_ be called before anything else\nin the loop, and there\u0027s no easy way to enfornce that requirement.\n\nIdeally, KVM would handling the cond_resched() fully within the iterator\nmacro (the code is actually quite clean) and avoid this entire class of\nbugs, but that is extremely difficult do wh\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47094",
"url": "https://www.suse.com/security/cve/CVE-2021-47094"
},
{
"category": "external",
"summary": "SUSE Bug 1221551 for CVE-2021-47094",
"url": "https://bugzilla.suse.com/1221551"
},
{
"category": "external",
"summary": "SUSE Bug 1222401 for CVE-2021-47094",
"url": "https://bugzilla.suse.com/1222401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "important"
}
],
"title": "CVE-2021-47094"
},
{
"cve": "CVE-2021-47095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ssif: initialize ssif_info-\u003eclient early\n\nDuring probe ssif_info-\u003eclient is dereferenced in error path. However,\nit is set when some of the error checking has already been done. This\ncauses following kernel crash if an error path is taken:\n\n[ 30.645593][ T674] ipmi_ssif 0-000e: ipmi_ssif: Not probing, Interface already present\n[ 30.657616][ T674] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088\n...\n[ 30.657723][ T674] pc : __dev_printk+0x28/0xa0\n[ 30.657732][ T674] lr : _dev_err+0x7c/0xa0\n...\n[ 30.657772][ T674] Call trace:\n[ 30.657775][ T674] __dev_printk+0x28/0xa0\n[ 30.657778][ T674] _dev_err+0x7c/0xa0\n[ 30.657781][ T674] ssif_probe+0x548/0x900 [ipmi_ssif 62ce4b08badc1458fd896206d9ef69a3c31f3d3e]\n[ 30.657791][ T674] i2c_device_probe+0x37c/0x3c0\n...\n\nInitialize ssif_info-\u003eclient before any error path can be taken. Clear\ni2c_client data in the error path to prevent the dangling pointer from\nleaking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47095",
"url": "https://www.suse.com/security/cve/CVE-2021-47095"
},
{
"category": "external",
"summary": "SUSE Bug 1220979 for CVE-2021-47095",
"url": "https://bugzilla.suse.com/1220979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47095"
},
{
"cve": "CVE-2021-47096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: rawmidi - fix the uninitalized user_pversion\n\nThe user_pversion was uninitialized for the user space file structure\nin the open function, because the file private structure use\nkmalloc for the allocation.\n\nThe kernel ALSA sequencer code clears the file structure, so no additional\nfixes are required.\n\nBugLink: https://github.com/alsa-project/alsa-lib/issues/178",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47096",
"url": "https://www.suse.com/security/cve/CVE-2021-47096"
},
{
"category": "external",
"summary": "SUSE Bug 1220981 for CVE-2021-47096",
"url": "https://bugzilla.suse.com/1220981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47096"
},
{
"cve": "CVE-2021-47097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: elantech - fix stack out of bound access in elantech_change_report_id()\n\nThe array param[] in elantech_change_report_id() must be at least 3\nbytes, because elantech_read_reg_params() is calling ps2_command() with\nPSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but\nit\u0027s defined in the stack as an array of 2 bytes, therefore we have a\npotential stack out-of-bounds access here, also confirmed by KASAN:\n\n[ 6.512374] BUG: KASAN: stack-out-of-bounds in __ps2_command+0x372/0x7e0\n[ 6.512397] Read of size 1 at addr ffff8881024d77c2 by task kworker/2:1/118\n\n[ 6.512416] CPU: 2 PID: 118 Comm: kworker/2:1 Not tainted 5.13.0-22-generic #22+arighi20211110\n[ 6.512428] Hardware name: LENOVO 20T8000QGE/20T8000QGE, BIOS R1AET32W (1.08 ) 08/14/2020\n[ 6.512436] Workqueue: events_long serio_handle_event\n[ 6.512453] Call Trace:\n[ 6.512462] show_stack+0x52/0x58\n[ 6.512474] dump_stack+0xa1/0xd3\n[ 6.512487] print_address_description.constprop.0+0x1d/0x140\n[ 6.512502] ? __ps2_command+0x372/0x7e0\n[ 6.512516] __kasan_report.cold+0x7d/0x112\n[ 6.512527] ? _raw_write_lock_irq+0x20/0xd0\n[ 6.512539] ? __ps2_command+0x372/0x7e0\n[ 6.512552] kasan_report+0x3c/0x50\n[ 6.512564] __asan_load1+0x6a/0x70\n[ 6.512575] __ps2_command+0x372/0x7e0\n[ 6.512589] ? ps2_drain+0x240/0x240\n[ 6.512601] ? dev_printk_emit+0xa2/0xd3\n[ 6.512612] ? dev_vprintk_emit+0xc5/0xc5\n[ 6.512621] ? __kasan_check_write+0x14/0x20\n[ 6.512634] ? mutex_lock+0x8f/0xe0\n[ 6.512643] ? __mutex_lock_slowpath+0x20/0x20\n[ 6.512655] ps2_command+0x52/0x90\n[ 6.512670] elantech_ps2_command+0x4f/0xc0 [psmouse]\n[ 6.512734] elantech_change_report_id+0x1e6/0x256 [psmouse]\n[ 6.512799] ? elantech_report_trackpoint.constprop.0.cold+0xd/0xd [psmouse]\n[ 6.512863] ? ps2_command+0x7f/0x90\n[ 6.512877] elantech_query_info.cold+0x6bd/0x9ed [psmouse]\n[ 6.512943] ? elantech_setup_ps2+0x460/0x460 [psmouse]\n[ 6.513005] ? psmouse_reset+0x69/0xb0 [psmouse]\n[ 6.513064] ? psmouse_attr_set_helper+0x2a0/0x2a0 [psmouse]\n[ 6.513122] ? phys_pmd_init+0x30e/0x521\n[ 6.513137] elantech_init+0x8a/0x200 [psmouse]\n[ 6.513200] ? elantech_init_ps2+0xf0/0xf0 [psmouse]\n[ 6.513249] ? elantech_query_info+0x440/0x440 [psmouse]\n[ 6.513296] ? synaptics_send_cmd+0x60/0x60 [psmouse]\n[ 6.513342] ? elantech_query_info+0x440/0x440 [psmouse]\n[ 6.513388] ? psmouse_try_protocol+0x11e/0x170 [psmouse]\n[ 6.513432] psmouse_extensions+0x65d/0x6e0 [psmouse]\n[ 6.513476] ? psmouse_try_protocol+0x170/0x170 [psmouse]\n[ 6.513519] ? mutex_unlock+0x22/0x40\n[ 6.513526] ? ps2_command+0x7f/0x90\n[ 6.513536] ? psmouse_probe+0xa3/0xf0 [psmouse]\n[ 6.513580] psmouse_switch_protocol+0x27d/0x2e0 [psmouse]\n[ 6.513624] psmouse_connect+0x272/0x530 [psmouse]\n[ 6.513669] serio_driver_probe+0x55/0x70\n[ 6.513679] really_probe+0x190/0x720\n[ 6.513689] driver_probe_device+0x160/0x1f0\n[ 6.513697] device_driver_attach+0x119/0x130\n[ 6.513705] ? device_driver_attach+0x130/0x130\n[ 6.513713] __driver_attach+0xe7/0x1a0\n[ 6.513720] ? device_driver_attach+0x130/0x130\n[ 6.513728] bus_for_each_dev+0xfb/0x150\n[ 6.513738] ? subsys_dev_iter_exit+0x10/0x10\n[ 6.513748] ? _raw_write_unlock_bh+0x30/0x30\n[ 6.513757] driver_attach+0x2d/0x40\n[ 6.513764] serio_handle_event+0x199/0x3d0\n[ 6.513775] process_one_work+0x471/0x740\n[ 6.513785] worker_thread+0x2d2/0x790\n[ 6.513794] ? process_one_work+0x740/0x740\n[ 6.513802] kthread+0x1b4/0x1e0\n[ 6.513809] ? set_kthread_struct+0x80/0x80\n[ 6.513816] ret_from_fork+0x22/0x30\n\n[ 6.513832] The buggy address belongs to the page:\n[ 6.513838] page:00000000bc35e189 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d7\n[ 6.513847] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n[ 6.513860] raw: 0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47097",
"url": "https://www.suse.com/security/cve/CVE-2021-47097"
},
{
"category": "external",
"summary": "SUSE Bug 1220982 for CVE-2021-47097",
"url": "https://bugzilla.suse.com/1220982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47097"
},
{
"cve": "CVE-2021-47098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations\n\nCommit b50aa49638c7 (\"hwmon: (lm90) Prevent integer underflows of\ntemperature calculations\") addressed a number of underflow situations\nwhen writing temperature limits. However, it missed one situation, seen\nwhen an attempt is made to set the hysteresis value to MAX_LONG and the\ncritical temperature limit is negative.\n\nUse clamp_val() when setting the hysteresis temperature to ensure that\nthe provided value can never overflow or underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47098",
"url": "https://www.suse.com/security/cve/CVE-2021-47098"
},
{
"category": "external",
"summary": "SUSE Bug 1220983 for CVE-2021-47098",
"url": "https://bugzilla.suse.com/1220983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47098"
},
{
"cve": "CVE-2021-47099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: ensure skb entering GRO are not cloned.\n\nAfter commit d3256efd8e8b (\"veth: allow enabling NAPI even without XDP\"),\nif GRO is enabled on a veth device and TSO is disabled on the peer\ndevice, TCP skbs will go through the NAPI callback. If there is no XDP\nprogram attached, the veth code does not perform any share check, and\nshared/cloned skbs could enter the GRO engine.\n\nIgnat reported a BUG triggered later-on due to the above condition:\n\n[ 53.970529][ C1] kernel BUG at net/core/skbuff.c:3574!\n[ 53.981755][ C1] invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 53.982634][ C1] CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.16.0-rc5+ #25\n[ 53.982634][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n[ 53.982634][ C1] RIP: 0010:skb_shift+0x13ef/0x23b0\n[ 53.982634][ C1] Code: ea 03 0f b6 04 02 48 89 fa 83 e2 07 38 d0\n7f 08 84 c0 0f 85 41 0c 00 00 41 80 7f 02 00 4d 8d b5 d0 00 00 00 0f\n85 74 f5 ff ff \u003c0f\u003e 0b 4d 8d 77 20 be 04 00 00 00 4c 89 44 24 78 4c 89\nf7 4c 89 8c\n[ 53.982634][ C1] RSP: 0018:ffff8881008f7008 EFLAGS: 00010246\n[ 53.982634][ C1] RAX: 0000000000000000 RBX: ffff8881180b4c80 RCX: 0000000000000000\n[ 53.982634][ C1] RDX: 0000000000000002 RSI: ffff8881180b4d3c RDI: ffff88810bc9cac2\n[ 53.982634][ C1] RBP: ffff8881008f70b8 R08: ffff8881180b4cf4 R09: ffff8881180b4cf0\n[ 53.982634][ C1] R10: ffffed1022999e5c R11: 0000000000000002 R12: 0000000000000590\n[ 53.982634][ C1] R13: ffff88810f940c80 R14: ffff88810f940d50 R15: ffff88810bc9cac0\n[ 53.982634][ C1] FS: 0000000000000000(0000) GS:ffff888235880000(0000) knlGS:0000000000000000\n[ 53.982634][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 53.982634][ C1] CR2: 00007ff5f9b86680 CR3: 0000000108ce8004 CR4: 0000000000170ee0\n[ 53.982634][ C1] Call Trace:\n[ 53.982634][ C1] \u003cTASK\u003e\n[ 53.982634][ C1] tcp_sacktag_walk+0xaba/0x18e0\n[ 53.982634][ C1] tcp_sacktag_write_queue+0xe7b/0x3460\n[ 53.982634][ C1] tcp_ack+0x2666/0x54b0\n[ 53.982634][ C1] tcp_rcv_established+0x4d9/0x20f0\n[ 53.982634][ C1] tcp_v4_do_rcv+0x551/0x810\n[ 53.982634][ C1] tcp_v4_rcv+0x22ed/0x2ed0\n[ 53.982634][ C1] ip_protocol_deliver_rcu+0x96/0xaf0\n[ 53.982634][ C1] ip_local_deliver_finish+0x1e0/0x2f0\n[ 53.982634][ C1] ip_sublist_rcv_finish+0x211/0x440\n[ 53.982634][ C1] ip_list_rcv_finish.constprop.0+0x424/0x660\n[ 53.982634][ C1] ip_list_rcv+0x2c8/0x410\n[ 53.982634][ C1] __netif_receive_skb_list_core+0x65c/0x910\n[ 53.982634][ C1] netif_receive_skb_list_internal+0x5f9/0xcb0\n[ 53.982634][ C1] napi_complete_done+0x188/0x6e0\n[ 53.982634][ C1] gro_cell_poll+0x10c/0x1d0\n[ 53.982634][ C1] __napi_poll+0xa1/0x530\n[ 53.982634][ C1] net_rx_action+0x567/0x1270\n[ 53.982634][ C1] __do_softirq+0x28a/0x9ba\n[ 53.982634][ C1] run_ksoftirqd+0x32/0x60\n[ 53.982634][ C1] smpboot_thread_fn+0x559/0x8c0\n[ 53.982634][ C1] kthread+0x3b9/0x490\n[ 53.982634][ C1] ret_from_fork+0x22/0x30\n[ 53.982634][ C1] \u003c/TASK\u003e\n\nAddress the issue by skipping the GRO stage for shared or cloned skbs.\nTo reduce the chance of OoO, try to unclone the skbs before giving up.\n\nv1 -\u003e v2:\n - use avoid skb_copy and fallback to netif_receive_skb - Eric",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47099",
"url": "https://www.suse.com/security/cve/CVE-2021-47099"
},
{
"category": "external",
"summary": "SUSE Bug 1220955 for CVE-2021-47099",
"url": "https://bugzilla.suse.com/1220955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47099"
},
{
"cve": "CVE-2021-47100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module\n\nHi,\n\nWhen testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko,\nthe system crashed.\n\nThe log as follows:\n[ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a\n[ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0\n[ 141.087464] Oops: 0010 [#1] SMP NOPTI\n[ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded Not tainted 4.18.0.x86_64 #47\n[ 141.088009] Workqueue: events 0xffffffffc09b3a40\n[ 141.088009] RIP: 0010:0xffffffffc09b3a5a\n[ 141.088009] Code: Bad RIP value.\n[ 141.088009] RSP: 0018:ffffb9094e2c3e88 EFLAGS: 00010246\n[ 141.088009] RAX: 0000000000000000 RBX: ffff9abfdb1f04a0 RCX: 0000000000000000\n[ 141.088009] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\n[ 141.088009] RBP: 0000000000000000 R08: ffff9abfffee3cb8 R09: 00000000000002e1\n[ 141.088009] R10: ffffb9094cb73d90 R11: 00000000000f4240 R12: ffff9abfffee8700\n[ 141.088009] R13: 0000000000000000 R14: ffff9abfdb1f04a0 R15: ffff9abfdb1f04a8\n[ 141.088009] FS: 0000000000000000(0000) GS:ffff9abfffec0000(0000) knlGS:0000000000000000\n[ 141.088009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 141.088009] CR2: ffffffffc09b3a30 CR3: 0000008fe4c0a001 CR4: 00000000007606e0\n[ 141.088009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 141.088009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 141.088009] PKRU: 55555554\n[ 141.088009] Call Trace:\n[ 141.088009] ? process_one_work+0x195/0x390\n[ 141.088009] ? worker_thread+0x30/0x390\n[ 141.088009] ? process_one_work+0x390/0x390\n[ 141.088009] ? kthread+0x10d/0x130\n[ 141.088009] ? kthread_flush_work_fn+0x10/0x10\n[ 141.088009] ? ret_from_fork+0x35/0x40] BUG: unable to handle kernel paging request at ffffffffc0b28a5a\n[ 200.223240] PGD 97fe00d067 P4D 97fe00d067 PUD 97fe00f067 PMD a580cbf067 PTE 0\n[ 200.223464] Oops: 0010 [#1] SMP NOPTI\n[ 200.223579] CPU: 63 PID: 664 Comm: kworker/63:1 Kdump: loaded Not tainted 4.18.0.x86_64 #46\n[ 200.224008] Workqueue: events 0xffffffffc0b28a40\n[ 200.224008] RIP: 0010:0xffffffffc0b28a5a\n[ 200.224008] Code: Bad RIP value.\n[ 200.224008] RSP: 0018:ffffbf3c8e2a3e88 EFLAGS: 00010246\n[ 200.224008] RAX: 0000000000000000 RBX: ffffa0799ad6bca0 RCX: 0000000000000000\n[ 200.224008] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\n[ 200.224008] RBP: 0000000000000000 R08: ffff9fe43fde3cb8 R09: 00000000000000d5\n[ 200.224008] R10: ffffbf3c8cb53d90 R11: 00000000000f4240 R12: ffff9fe43fde8700\n[ 200.224008] R13: 0000000000000000 R14: ffffa0799ad6bca0 R15: ffffa0799ad6bca8\n[ 200.224008] FS: 0000000000000000(0000) GS:ffff9fe43fdc0000(0000) knlGS:0000000000000000\n[ 200.224008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 200.224008] CR2: ffffffffc0b28a30 CR3: 00000097fe00a002 CR4: 00000000007606e0\n[ 200.224008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 200.224008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 200.224008] PKRU: 55555554\n[ 200.224008] Call Trace:\n[ 200.224008] ? process_one_work+0x195/0x390\n[ 200.224008] ? worker_thread+0x30/0x390\n[ 200.224008] ? process_one_work+0x390/0x390\n[ 200.224008] ? kthread+0x10d/0x130\n[ 200.224008] ? kthread_flush_work_fn+0x10/0x10\n[ 200.224008] ? ret_from_fork+0x35/0x40\n[ 200.224008] kernel fault(0x1) notification starting on CPU 63\n[ 200.224008] kernel fault(0x1) notification finished on CPU 63\n[ 200.224008] CR2: ffffffffc0b28a5a\n[ 200.224008] ---[ end trace c82a412d93f57412 ]---\n\nThe reason is as follows:\nT1: rmmod ipmi_si.\n -\u003eipmi_unregister_smi()\n -\u003e ipmi_bmc_unregister()\n -\u003e __ipmi_bmc_unregister()\n -\u003e kref_put(\u0026bmc-\u003eusecount, cleanup_bmc_device);\n -\u003e schedule_work(\u0026bmc-\u003eremove_work);\n\nT2: rmmod ipmi_msghandl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47100",
"url": "https://www.suse.com/security/cve/CVE-2021-47100"
},
{
"category": "external",
"summary": "SUSE Bug 1220985 for CVE-2021-47100",
"url": "https://bugzilla.suse.com/1220985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47100"
},
{
"cve": "CVE-2021-47101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nasix: fix uninit-value in asix_mdio_read()\n\nasix_read_cmd() may read less than sizeof(smsr) bytes and in this case\nsmsr will be uninitialized.\n\nFail log:\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\nBUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\n asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47101",
"url": "https://www.suse.com/security/cve/CVE-2021-47101"
},
{
"category": "external",
"summary": "SUSE Bug 1220987 for CVE-2021-47101",
"url": "https://bugzilla.suse.com/1220987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47101"
},
{
"cve": "CVE-2021-47102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix incorrect structure access\n\nIn line:\n\tupper = info-\u003eupper_dev;\nWe access upper_dev field, which is related only for particular events\n(e.g. event == NETDEV_CHANGEUPPER). So, this line cause invalid memory\naccess for another events,\nwhen ptr is not netdev_notifier_changeupper_info.\n\nThe KASAN logs are as follows:\n\n[ 30.123165] BUG: KASAN: stack-out-of-bounds in prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera]\n[ 30.133336] Read of size 8 at addr ffff80000cf772b0 by task udevd/778\n[ 30.139866]\n[ 30.141398] CPU: 0 PID: 778 Comm: udevd Not tainted 5.16.0-rc3 #6\n[ 30.147588] Hardware name: DNI AmazonGo1 A7040 board (DT)\n[ 30.153056] Call trace:\n[ 30.155547] dump_backtrace+0x0/0x2c0\n[ 30.159320] show_stack+0x18/0x30\n[ 30.162729] dump_stack_lvl+0x68/0x84\n[ 30.166491] print_address_description.constprop.0+0x74/0x2b8\n[ 30.172346] kasan_report+0x1e8/0x250\n[ 30.176102] __asan_load8+0x98/0xe0\n[ 30.179682] prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera]\n[ 30.186847] prestera_netdev_event_handler+0x1b4/0x1c0 [prestera]\n[ 30.193313] raw_notifier_call_chain+0x74/0xa0\n[ 30.197860] call_netdevice_notifiers_info+0x68/0xc0\n[ 30.202924] register_netdevice+0x3cc/0x760\n[ 30.207190] register_netdev+0x24/0x50\n[ 30.211015] prestera_device_register+0x8a0/0xba0 [prestera]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47102",
"url": "https://www.suse.com/security/cve/CVE-2021-47102"
},
{
"category": "external",
"summary": "SUSE Bug 1221009 for CVE-2021-47102",
"url": "https://bugzilla.suse.com/1221009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47102"
},
{
"cve": "CVE-2021-47104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/qib: Fix memory leak in qib_user_sdma_queue_pkts()\n\nThe wrong goto label was used for the error case and missed cleanup of the\npkt allocation.\n\nAddresses-Coverity-ID: 1493352 (\"Resource leak\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47104",
"url": "https://www.suse.com/security/cve/CVE-2021-47104"
},
{
"category": "external",
"summary": "SUSE Bug 1220960 for CVE-2021-47104",
"url": "https://bugzilla.suse.com/1220960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47104"
},
{
"cve": "CVE-2021-47105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: return xsk buffers back to pool when cleaning the ring\n\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\n\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\n\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47105",
"url": "https://www.suse.com/security/cve/CVE-2021-47105"
},
{
"category": "external",
"summary": "SUSE Bug 1220961 for CVE-2021-47105",
"url": "https://bugzilla.suse.com/1220961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "low"
}
],
"title": "CVE-2021-47105"
},
{
"cve": "CVE-2021-47107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix READDIR buffer overflow\n\nIf a client sends a READDIR count argument that is too small (say,\nzero), then the buffer size calculation in the new init_dirlist\nhelper functions results in an underflow, allowing the XDR stream\nfunctions to write beyond the actual buffer.\n\nThis calculation has always been suspect. NFSD has never sanity-\nchecked the READDIR count argument, but the old entry encoders\nmanaged the problem correctly.\n\nWith the commits below, entry encoding changed, exposing the\nunderflow to the pointer arithmetic in xdr_reserve_space().\n\nModern NFS clients attempt to retrieve as much data as possible\nfor each READDIR request. Also, we have no unit tests that\nexercise the behavior of READDIR at the lower bound of @count\nvalues. Thus this case was missed during testing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47107",
"url": "https://www.suse.com/security/cve/CVE-2021-47107"
},
{
"category": "external",
"summary": "SUSE Bug 1220965 for CVE-2021-47107",
"url": "https://bugzilla.suse.com/1220965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47107"
},
{
"cve": "CVE-2021-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf\n\nIn commit 41ca9caaae0b\n(\"drm/mediatek: hdmi: Add check for CEA modes only\") a check\nfor CEA modes was added to function mtk_hdmi_bridge_mode_valid()\nin order to address possible issues on MT8167;\nmoreover, with commit c91026a938c2\n(\"drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock\")\nanother similar check was introduced.\n\nUnfortunately though, at the time of writing, MT8173 does not provide\nany mtk_hdmi_conf structure and this is crashing the kernel with NULL\npointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as\nsoon as a HDMI cable gets plugged in.\n\nTo fix this regression, add a NULL pointer check for hdmi-\u003econf in the\nsaid function, restoring HDMI functionality and avoiding NULL pointer\nkernel panics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47108",
"url": "https://www.suse.com/security/cve/CVE-2021-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1220986 for CVE-2021-47108",
"url": "https://bugzilla.suse.com/1220986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2021-47108"
},
{
"cve": "CVE-2022-48626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48626"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmoxart: fix potential use-after-free on remove path\n\nIt was reported that the mmc host structure could be accessed after it\nwas freed in moxart_remove(), so fix this by saving the base register of\nthe device and using it instead of the pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48626",
"url": "https://www.suse.com/security/cve/CVE-2022-48626"
},
{
"category": "external",
"summary": "SUSE Bug 1220366 for CVE-2022-48626",
"url": "https://bugzilla.suse.com/1220366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2022-48626"
},
{
"cve": "CVE-2022-48629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48629"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - ensure buffer for generate is completely filled\n\nThe generate function in struct rng_alg expects that the destination\nbuffer is completely filled if the function returns 0. qcom_rng_read()\ncan run into a situation where the buffer is partially filled with\nrandomness and the remaining part of the buffer is zeroed since\nqcom_rng_generate() doesn\u0027t check the return value. This issue can\nbe reproduced by running the following from libkcapi:\n\n kcapi-rng -b 9000000 \u003e OUTFILE\n\nThe generated OUTFILE will have three huge sections that contain all\nzeros, and this is caused by the code where the test\n\u0027val \u0026 PRNG_STATUS_DATA_AVAIL\u0027 fails.\n\nLet\u0027s fix this issue by ensuring that qcom_rng_read() always returns\nwith a full buffer if the function returns success. Let\u0027s also have\nqcom_rng_generate() return the correct value.\n\nHere\u0027s some statistics from the ent project\n(https://www.fourmilab.ch/random/) that shows information about the\nquality of the generated numbers:\n\n $ ent -c qcom-random-before\n Value Char Occurrences Fraction\n 0 606748 0.067416\n 1 33104 0.003678\n 2 33001 0.003667\n ...\n 253 \ufffd 32883 0.003654\n 254 \ufffd 33035 0.003671\n 255 \ufffd 33239 0.003693\n\n Total: 9000000 1.000000\n\n Entropy = 7.811590 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 2 percent.\n\n Chi square distribution for 9000000 samples is 9329962.81, and\n randomly would exceed this value less than 0.01 percent of the\n times.\n\n Arithmetic mean value of data bytes is 119.3731 (127.5 = random).\n Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).\n Serial correlation coefficient is 0.159130 (totally uncorrelated =\n 0.0).\n\nWithout this patch, the results of the chi-square test is 0.01%, and\nthe numbers are certainly not random according to ent\u0027s project page.\nThe results improve with this patch:\n\n $ ent -c qcom-random-after\n Value Char Occurrences Fraction\n 0 35432 0.003937\n 1 35127 0.003903\n 2 35424 0.003936\n ...\n 253 \ufffd 35201 0.003911\n 254 \ufffd 34835 0.003871\n 255 \ufffd 35368 0.003930\n\n Total: 9000000 1.000000\n\n Entropy = 7.999979 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 0 percent.\n\n Chi square distribution for 9000000 samples is 258.77, and randomly\n would exceed this value 42.24 percent of the times.\n\n Arithmetic mean value of data bytes is 127.5006 (127.5 = random).\n Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).\n Serial correlation coefficient is 0.000468 (totally uncorrelated =\n 0.0).\n\nThis change was tested on a Nexus 5 phone (msm8974 SoC).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48629",
"url": "https://www.suse.com/security/cve/CVE-2022-48629"
},
{
"category": "external",
"summary": "SUSE Bug 1220989 for CVE-2022-48629",
"url": "https://bugzilla.suse.com/1220989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2022-48629"
},
{
"cve": "CVE-2022-48630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ\n\nThe commit referenced in the Fixes tag removed the \u0027break\u0027 from the else\nbranch in qcom_rng_read(), causing an infinite loop whenever \u0027max\u0027 is\nnot a multiple of WORD_SZ. This can be reproduced e.g. by running:\n\n kcapi-rng -b 67 \u003e/dev/null\n\nThere are many ways to fix this without adding back the \u0027break\u0027, but\nthey all seem more awkward than simply adding it back, so do just that.\n\nTested on a machine with Qualcomm Amberwing processor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48630",
"url": "https://www.suse.com/security/cve/CVE-2022-48630"
},
{
"category": "external",
"summary": "SUSE Bug 1220990 for CVE-2022-48630",
"url": "https://bugzilla.suse.com/1220990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2022-48630"
},
{
"cve": "CVE-2023-35827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35827"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35827",
"url": "https://www.suse.com/security/cve/CVE-2023-35827"
},
{
"category": "external",
"summary": "SUSE Bug 1212514 for CVE-2023-35827",
"url": "https://bugzilla.suse.com/1212514"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2023-35827",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2023-35827",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-35827"
},
{
"cve": "CVE-2023-52450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52450"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()\n\nGet logical socket id instead of physical id in discover_upi_topology()\nto avoid out-of-bound access on \u0027upi = \u0026type-\u003etopology[nid][idx];\u0027 line\nthat leads to NULL pointer dereference in upi_fill_topology()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52450",
"url": "https://www.suse.com/security/cve/CVE-2023-52450"
},
{
"category": "external",
"summary": "SUSE Bug 1220237 for CVE-2023-52450",
"url": "https://bugzilla.suse.com/1220237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52450"
},
{
"cve": "CVE-2023-52454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52454"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\n\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\n\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n process_one_work+0x174/0x3c8\n worker_thread+0x2d0/0x3e8\n kthread+0x104/0x110\n\nFix the bug by raising a fatal error if DATAL isn\u0027t coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52454",
"url": "https://www.suse.com/security/cve/CVE-2023-52454"
},
{
"category": "external",
"summary": "SUSE Bug 1220320 for CVE-2023-52454",
"url": "https://bugzilla.suse.com/1220320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52454"
},
{
"cve": "CVE-2023-52469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52469"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/amd/pm: fix a use-after-free in kv_parse_power_table\n\nWhen ps allocated by kzalloc equals to NULL, kv_parse_power_table\nfrees adev-\u003epm.dpm.ps that allocated before. However, after the control\nflow goes through the following call chains:\n\nkv_parse_power_table\n |-\u003e kv_dpm_init\n |-\u003e kv_dpm_sw_init\n\t |-\u003e kv_dpm_fini\n\nThe adev-\u003epm.dpm.ps is used in the for loop of kv_dpm_fini after its\nfirst free in kv_parse_power_table and causes a use-after-free bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52469",
"url": "https://www.suse.com/security/cve/CVE-2023-52469"
},
{
"category": "external",
"summary": "SUSE Bug 1220411 for CVE-2023-52469",
"url": "https://bugzilla.suse.com/1220411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52469"
},
{
"cve": "CVE-2023-52470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check the alloc_workqueue return value in radeon_crtc_init()\n\ncheck the alloc_workqueue return value in radeon_crtc_init()\nto avoid null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52470",
"url": "https://www.suse.com/security/cve/CVE-2023-52470"
},
{
"category": "external",
"summary": "SUSE Bug 1220413 for CVE-2023-52470",
"url": "https://bugzilla.suse.com/1220413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52470"
},
{
"cve": "CVE-2023-52474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests\n\nhfi1 user SDMA request processing has two bugs that can cause data\ncorruption for user SDMA requests that have multiple payload iovecs\nwhere an iovec other than the tail iovec does not run up to the page\nboundary for the buffer pointed to by that iovec.a\n\nHere are the specific bugs:\n1. user_sdma_txadd() does not use struct user_sdma_iovec-\u003eiov.iov_len.\n Rather, user_sdma_txadd() will add up to PAGE_SIZE bytes from iovec\n to the packet, even if some of those bytes are past\n iovec-\u003eiov.iov_len and are thus not intended to be in the packet.\n2. user_sdma_txadd() and user_sdma_send_pkts() fail to advance to the\n next iovec in user_sdma_request-\u003eiovs when the current iovec\n is not PAGE_SIZE and does not contain enough data to complete the\n packet. The transmitted packet will contain the wrong data from the\n iovec pages.\n\nThis has not been an issue with SDMA packets from hfi1 Verbs or PSM2\nbecause they only produce iovecs that end short of PAGE_SIZE as the tail\niovec of an SDMA request.\n\nFixing these bugs exposes other bugs with the SDMA pin cache\n(struct mmu_rb_handler) that get in way of supporting user SDMA requests\nwith multiple payload iovecs whose buffers do not end at PAGE_SIZE. So\nthis commit fixes those issues as well.\n\nHere are the mmu_rb_handler bugs that non-PAGE_SIZE-end multi-iovec\npayload user SDMA requests can hit:\n1. Overlapping memory ranges in mmu_rb_handler will result in duplicate\n pinnings.\n2. When extending an existing mmu_rb_handler entry (struct mmu_rb_node),\n the mmu_rb code (1) removes the existing entry under a lock, (2)\n releases that lock, pins the new pages, (3) then reacquires the lock\n to insert the extended mmu_rb_node.\n\n If someone else comes in and inserts an overlapping entry between (2)\n and (3), insert in (3) will fail.\n\n The failure path code in this case unpins _all_ pages in either the\n original mmu_rb_node or the new mmu_rb_node that was inserted between\n (2) and (3).\n3. In hfi1_mmu_rb_remove_unless_exact(), mmu_rb_node-\u003erefcount is\n incremented outside of mmu_rb_handler-\u003elock. As a result, mmu_rb_node\n could be evicted by another thread that gets mmu_rb_handler-\u003elock and\n checks mmu_rb_node-\u003erefcount before mmu_rb_node-\u003erefcount is\n incremented.\n4. Related to #2 above, SDMA request submission failure path does not\n check mmu_rb_node-\u003erefcount before freeing mmu_rb_node object.\n\n If there are other SDMA requests in progress whose iovecs have\n pointers to the now-freed mmu_rb_node(s), those pointers to the\n now-freed mmu_rb nodes will be dereferenced when those SDMA requests\n complete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52474",
"url": "https://www.suse.com/security/cve/CVE-2023-52474"
},
{
"category": "external",
"summary": "SUSE Bug 1220445 for CVE-2023-52474",
"url": "https://bugzilla.suse.com/1220445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52474"
},
{
"cve": "CVE-2023-52477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: hub: Guard against accesses to uninitialized BOS descriptors\n\nMany functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h\naccess fields inside udev-\u003ebos without checking if it was allocated and\ninitialized. If usb_get_bos_descriptor() fails for whatever\nreason, udev-\u003ebos will be NULL and those accesses will result in a\ncrash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000018\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 \u003cHASH:1f9e 1\u003e\nHardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:hub_port_reset+0x193/0x788\nCode: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 \u003c48\u003e 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9\nRSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310\nRDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840\nRBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0\nCall Trace:\nhub_event+0x73f/0x156e\n? hub_activate+0x5b7/0x68f\nprocess_one_work+0x1a2/0x487\nworker_thread+0x11a/0x288\nkthread+0x13a/0x152\n? process_one_work+0x487/0x487\n? kthread_associate_blkcg+0x70/0x70\nret_from_fork+0x1f/0x30\n\nFall back to a default behavior if the BOS descriptor isn\u0027t accessible\nand skip all the functionalities that depend on it: LPM support checks,\nSuper Speed capabilitiy checks, U1/U2 states setup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52477",
"url": "https://www.suse.com/security/cve/CVE-2023-52477"
},
{
"category": "external",
"summary": "SUSE Bug 1220790 for CVE-2023-52477",
"url": "https://bugzilla.suse.com/1220790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52477"
},
{
"cve": "CVE-2023-52492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52492"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fix NULL pointer in channel unregistration function\n\n__dma_async_device_channel_register() can fail. In case of failure,\nchan-\u003elocal is freed (with free_percpu()), and chan-\u003elocal is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[ 1.484499] Call trace:\n[ 1.486930] device_del+0x40/0x394\n[ 1.490314] device_unregister+0x20/0x7c\n[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0\n\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan-\u003elocal is not NULL.\n\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52492",
"url": "https://www.suse.com/security/cve/CVE-2023-52492"
},
{
"category": "external",
"summary": "SUSE Bug 1221276 for CVE-2023-52492",
"url": "https://bugzilla.suse.com/1221276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52492"
},
{
"cve": "CVE-2023-52497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix lz4 inplace decompression\n\nCurrently EROFS can map another compressed buffer for inplace\ndecompression, that was used to handle the cases that some pages of\ncompressed data are actually not in-place I/O.\n\nHowever, like most simple LZ77 algorithms, LZ4 expects the compressed\ndata is arranged at the end of the decompressed buffer and it\nexplicitly uses memmove() to handle overlapping:\n __________________________________________________________\n |_ direction of decompression --\u003e ____ |_ compressed data _|\n\nAlthough EROFS arranges compressed data like this, it typically maps two\nindividual virtual buffers so the relative order is uncertain.\nPreviously, it was hardly observed since LZ4 only uses memmove() for\nshort overlapped literals and x86/arm64 memmove implementations seem to\ncompletely cover it up and they don\u0027t have this issue. Juhyung reported\nthat EROFS data corruption can be found on a new Intel x86 processor.\nAfter some analysis, it seems that recent x86 processors with the new\nFSRM feature expose this issue with \"rep movsb\".\n\nLet\u0027s strictly use the decompressed buffer for lz4 inplace\ndecompression for now. Later, as an useful improvement, we could try\nto tie up these two buffers together in the correct order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52497",
"url": "https://www.suse.com/security/cve/CVE-2023-52497"
},
{
"category": "external",
"summary": "SUSE Bug 1220879 for CVE-2023-52497",
"url": "https://bugzilla.suse.com/1220879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52497"
},
{
"cve": "CVE-2023-52501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not attempt to read past \"commit\"\n\nWhen iterating over the ring buffer while the ring buffer is active, the\nwriter can corrupt the reader. There\u0027s barriers to help detect this and\nhandle it, but that code missed the case where the last event was at the\nvery end of the page and has only 4 bytes left.\n\nThe checks to detect the corruption by the writer to reads needs to see the\nlength of the event. If the length in the first 4 bytes is zero then the\nlength is stored in the second 4 bytes. But if the writer is in the process\nof updating that code, there\u0027s a small window where the length in the first\n4 bytes could be zero even though the length is only 4 bytes. That will\ncause rb_event_length() to read the next 4 bytes which could happen to be off the\nallocated page.\n\nTo protect against this, fail immediately if the next event pointer is\nless than 8 bytes from the end of the commit (last byte of data), as all\nevents must be a minimum of 8 bytes anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52501",
"url": "https://www.suse.com/security/cve/CVE-2023-52501"
},
{
"category": "external",
"summary": "SUSE Bug 1220885 for CVE-2023-52501",
"url": "https://bugzilla.suse.com/1220885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52501"
},
{
"cve": "CVE-2023-52502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52502"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52502",
"url": "https://www.suse.com/security/cve/CVE-2023-52502"
},
{
"category": "external",
"summary": "SUSE Bug 1220831 for CVE-2023-52502",
"url": "https://bugzilla.suse.com/1220831"
},
{
"category": "external",
"summary": "SUSE Bug 1220832 for CVE-2023-52502",
"url": "https://bugzilla.suse.com/1220832"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2023-52502",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2023-52502",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-52502"
},
{
"cve": "CVE-2023-52504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52504",
"url": "https://www.suse.com/security/cve/CVE-2023-52504"
},
{
"category": "external",
"summary": "SUSE Bug 1221553 for CVE-2023-52504",
"url": "https://bugzilla.suse.com/1221553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52504"
},
{
"cve": "CVE-2023-52507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52507"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: assert requested protocol is valid\n\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. Assert the provided protocol is less than the maximum\ndefined so it doesn\u0027t potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52507",
"url": "https://www.suse.com/security/cve/CVE-2023-52507"
},
{
"category": "external",
"summary": "SUSE Bug 1220833 for CVE-2023-52507",
"url": "https://bugzilla.suse.com/1220833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52507"
},
{
"cve": "CVE-2023-52508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52508",
"url": "https://www.suse.com/security/cve/CVE-2023-52508"
},
{
"category": "external",
"summary": "SUSE Bug 1221015 for CVE-2023-52508",
"url": "https://bugzilla.suse.com/1221015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52508"
},
{
"cve": "CVE-2023-52509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52509"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nravb: Fix use-after-free issue in ravb_tx_timeout_work()\n\nThe ravb_stop() should call cancel_work_sync(). Otherwise,\nravb_tx_timeout_work() is possible to use the freed priv after\nravb_remove() was called like below:\n\nCPU0\t\t\tCPU1\n\t\t\travb_tx_timeout()\nravb_remove()\nunregister_netdev()\nfree_netdev(ndev)\n// free priv\n\t\t\travb_tx_timeout_work()\n\t\t\t// use priv\n\nunregister_netdev() will call .ndo_stop() so that ravb_stop() is\ncalled. And, after phy_stop() is called, netif_carrier_off()\nis also called. So that .ndo_tx_timeout() will not be called\nafter phy_stop().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52509",
"url": "https://www.suse.com/security/cve/CVE-2023-52509"
},
{
"category": "external",
"summary": "SUSE Bug 1220836 for CVE-2023-52509",
"url": "https://bugzilla.suse.com/1220836"
},
{
"category": "external",
"summary": "SUSE Bug 1223290 for CVE-2023-52509",
"url": "https://bugzilla.suse.com/1223290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-52509"
},
{
"cve": "CVE-2023-52510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52510"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154: ca8210: Fix a potential UAF in ca8210_probe\n\nIf of_clk_add_provider() fails in ca8210_register_ext_clock(),\nit calls clk_unregister() to release priv-\u003eclk and returns an\nerror. However, the caller ca8210_probe() then calls ca8210_remove(),\nwhere priv-\u003eclk is freed again in ca8210_unregister_ext_clock(). In\nthis case, a use-after-free may happen in the second time we call\nclk_unregister().\n\nFix this by removing the first clk_unregister(). Also, priv-\u003eclk could\nbe an error code on failure of clk_register_fixed_rate(). Use\nIS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52510",
"url": "https://www.suse.com/security/cve/CVE-2023-52510"
},
{
"category": "external",
"summary": "SUSE Bug 1220898 for CVE-2023-52510",
"url": "https://bugzilla.suse.com/1220898"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52510"
},
{
"cve": "CVE-2023-52511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52511"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sun6i: reduce DMA RX transfer width to single byte\n\nThrough empirical testing it has been determined that sometimes RX SPI\ntransfers with DMA enabled return corrupted data. This is down to single\nor even multiple bytes lost during DMA transfer from SPI peripheral to\nmemory. It seems the RX FIFO within the SPI peripheral can become\nconfused when performing bus read accesses wider than a single byte to it\nduring an active SPI transfer.\n\nThis patch reduces the width of individual DMA read accesses to the\nRX FIFO to a single byte to mitigate that issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52511",
"url": "https://www.suse.com/security/cve/CVE-2023-52511"
},
{
"category": "external",
"summary": "SUSE Bug 1221012 for CVE-2023-52511",
"url": "https://bugzilla.suse.com/1221012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52511"
},
{
"cve": "CVE-2023-52513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52513"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix connection failure handling\n\nIn case immediate MPA request processing fails, the newly\ncreated endpoint unlinks the listening endpoint and is\nready to be dropped. This special case was not handled\ncorrectly by the code handling the later TCP socket close,\ncausing a NULL dereference crash in siw_cm_work_handler()\nwhen dereferencing a NULL listener. We now also cancel\nthe useless MPA timeout, if immediate MPA request\nprocessing fails.\n\nThis patch furthermore simplifies MPA processing in general:\nScheduling a useless TCP socket read in sk_data_ready() upcall\nis now surpressed, if the socket is already moved out of\nTCP_ESTABLISHED state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52513",
"url": "https://www.suse.com/security/cve/CVE-2023-52513"
},
{
"category": "external",
"summary": "SUSE Bug 1221022 for CVE-2023-52513",
"url": "https://bugzilla.suse.com/1221022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52513"
},
{
"cve": "CVE-2023-52515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52515"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srp: Do not call scsi_done() from srp_abort()\n\nAfter scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler\ncallback, it performs one of the following actions:\n* Call scsi_queue_insert().\n* Call scsi_finish_command().\n* Call scsi_eh_scmd_add().\nHence, SCSI abort handlers must not call scsi_done(). Otherwise all\nthe above actions would trigger a use-after-free. Hence remove the\nscsi_done() call from srp_abort(). Keep the srp_free_req() call\nbefore returning SUCCESS because we may not see the command again if\nSUCCESS is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52515",
"url": "https://www.suse.com/security/cve/CVE-2023-52515"
},
{
"category": "external",
"summary": "SUSE Bug 1221048 for CVE-2023-52515",
"url": "https://bugzilla.suse.com/1221048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52515"
},
{
"cve": "CVE-2023-52517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52517"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain\n\nPreviously the transfer complete IRQ immediately drained to RX FIFO to\nread any data remaining in FIFO to the RX buffer. This behaviour is\ncorrect when dealing with SPI in interrupt mode. However in DMA mode the\ntransfer complete interrupt still fires as soon as all bytes to be\ntransferred have been stored in the FIFO. At that point data in the FIFO\nstill needs to be picked up by the DMA engine. Thus the drain procedure\nand DMA engine end up racing to read from RX FIFO, corrupting any data\nread. Additionally the RX buffer pointer is never adjusted according to\nDMA progress in DMA mode, thus calling the RX FIFO drain procedure in DMA\nmode is a bug.\nFix corruptions in DMA RX mode by draining RX FIFO only in interrupt mode.\nAlso wait for completion of RX DMA when in DMA mode before returning to\nensure all data has been copied to the supplied memory buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52517",
"url": "https://www.suse.com/security/cve/CVE-2023-52517"
},
{
"category": "external",
"summary": "SUSE Bug 1221055 for CVE-2023-52517",
"url": "https://bugzilla.suse.com/1221055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52517"
},
{
"cve": "CVE-2023-52519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52519"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit\n\nThe EHL (Elkhart Lake) based platforms provide a OOB (Out of band)\nservice, which allows to wakup device when the system is in S5 (Soft-Off\nstate). This OOB service can be enabled/disabled from BIOS settings. When\nenabled, the ISH device gets PME wake capability. To enable PME wakeup,\ndriver also needs to enable ACPI GPE bit.\n\nOn resume, BIOS will clear the wakeup bit. So driver need to re-enable it\nin resume function to keep the next wakeup capability. But this BIOS\nclearing of wakeup bit doesn\u0027t decrement internal OS GPE reference count,\nso this reenabling on every resume will cause reference count to overflow.\n\nSo first disable and reenable ACPI GPE bit using acpi_disable_gpe().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52519",
"url": "https://www.suse.com/security/cve/CVE-2023-52519"
},
{
"category": "external",
"summary": "SUSE Bug 1220920 for CVE-2023-52519",
"url": "https://bugzilla.suse.com/1220920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52519"
},
{
"cve": "CVE-2023-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52520"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(), a reference\nto that attribute is returned which needs to be disposed accordingly\nusing kobject_put(). Move the setting name validation into a separate\nfunction to allow for this change without having to duplicate the\ncleanup code for this setting.\nAs a side note, a very similar bug was fixed in\ncommit 7295a996fdab (\"platform/x86: dell-sysman: Fix reference leak\"),\nso it seems that the bug was copied from that driver.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52520",
"url": "https://www.suse.com/security/cve/CVE-2023-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1220921 for CVE-2023-52520",
"url": "https://bugzilla.suse.com/1220921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52520"
},
{
"cve": "CVE-2023-52523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52523"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets\n\nWith a SOCKMAP/SOCKHASH map and an sk_msg program user can steer messages\nsent from one TCP socket (s1) to actually egress from another TCP\nsocket (s2):\n\ntcp_bpf_sendmsg(s1)\t\t// = sk_prot-\u003esendmsg\n tcp_bpf_send_verdict(s1)\t// __SK_REDIRECT case\n tcp_bpf_sendmsg_redir(s2)\n tcp_bpf_push_locked(s2)\n\ttcp_bpf_push(s2)\n\t tcp_rate_check_app_limited(s2) // expects tcp_sock\n\t tcp_sendmsg_locked(s2)\t // ditto\n\nThere is a hard-coded assumption in the call-chain, that the egress\nsocket (s2) is a TCP socket.\n\nHowever in commit 122e6c79efe1 (\"sock_map: Update sock type checks for\nUDP\") we have enabled redirects to non-TCP sockets. This was done for the\nsake of BPF sk_skb programs. There was no indention to support sk_msg\nsend-to-egress use case.\n\nAs a result, attempts to send-to-egress through a non-TCP socket lead to a\ncrash due to invalid downcast from sock to tcp_sock:\n\n BUG: kernel NULL pointer dereference, address: 000000000000002f\n ...\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x60/0x70\n ? __die+0x1f/0x70\n ? page_fault_oops+0x80/0x160\n ? do_user_addr_fault+0x2d7/0x800\n ? rcu_is_watching+0x11/0x50\n ? exc_page_fault+0x70/0x1c0\n ? asm_exc_page_fault+0x27/0x30\n ? tcp_tso_segs+0x14/0xa0\n tcp_write_xmit+0x67/0xce0\n __tcp_push_pending_frames+0x32/0xf0\n tcp_push+0x107/0x140\n tcp_sendmsg_locked+0x99f/0xbb0\n tcp_bpf_push+0x19d/0x3a0\n tcp_bpf_sendmsg_redir+0x55/0xd0\n tcp_bpf_send_verdict+0x407/0x550\n tcp_bpf_sendmsg+0x1a1/0x390\n inet_sendmsg+0x6a/0x70\n sock_sendmsg+0x9d/0xc0\n ? sockfd_lookup_light+0x12/0x80\n __sys_sendto+0x10e/0x160\n ? syscall_enter_from_user_mode+0x20/0x60\n ? __this_cpu_preempt_check+0x13/0x20\n ? lockdep_hardirqs_on+0x82/0x110\n __x64_sys_sendto+0x1f/0x30\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nReject selecting a non-TCP sockets as redirect target from a BPF sk_msg\nprogram to prevent the crash. When attempted, user will receive an EACCES\nerror from send/sendto/sendmsg() syscall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52523",
"url": "https://www.suse.com/security/cve/CVE-2023-52523"
},
{
"category": "external",
"summary": "SUSE Bug 1220926 for CVE-2023-52523",
"url": "https://bugzilla.suse.com/1220926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52523"
},
{
"cve": "CVE-2023-52524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52524"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52524",
"url": "https://www.suse.com/security/cve/CVE-2023-52524"
},
{
"category": "external",
"summary": "SUSE Bug 1220927 for CVE-2023-52524",
"url": "https://bugzilla.suse.com/1220927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52524"
},
{
"cve": "CVE-2023-52525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52525"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet\n\nOnly skip the code path trying to access the rfc1042 headers when the\nbuffer is too small, so the driver can still process packets without\nrfc1042 headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52525",
"url": "https://www.suse.com/security/cve/CVE-2023-52525"
},
{
"category": "external",
"summary": "SUSE Bug 1220840 for CVE-2023-52525",
"url": "https://bugzilla.suse.com/1220840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52525"
},
{
"cve": "CVE-2023-52528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52528"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg\n\nsyzbot reported the following uninit-value access issue:\n\n=====================================================\nBUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]\nBUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482\nCPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x21c/0x280 lib/dump_stack.c:118\n kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121\n __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]\n smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482\n usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737\n usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374\n really_probe+0xf20/0x20b0 drivers/base/dd.c:529\n driver_probe_device+0x293/0x390 drivers/base/dd.c:701\n __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807\n bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431\n __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:920\n bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491\n device_add+0x3b0e/0x40d0 drivers/base/core.c:2680\n usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032\n usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241\n usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272\n really_probe+0xf20/0x20b0 drivers/base/dd.c:529\n driver_probe_device+0x293/0x390 drivers/base/dd.c:701\n __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807\n bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431\n __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:920\n bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491\n device_add+0x3b0e/0x40d0 drivers/base/core.c:2680\n usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554\n hub_port_connect drivers/usb/core/hub.c:5208 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]\n port_event drivers/usb/core/hub.c:5494 [inline]\n hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576\n process_one_work+0x1688/0x2140 kernel/workqueue.c:2269\n worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415\n kthread+0x551/0x590 kernel/kthread.c:292\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293\n\nLocal variable ----buf.i87@smsc75xx_bind created at:\n __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]\n smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482\n __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]\n smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482\n\nThis issue is caused because usbnet_read_cmd() reads less bytes than requested\n(zero byte in the reproducer). In this case, \u0027buf\u0027 is not properly filled.\n\nThis patch fixes the issue by returning -ENODATA if usbnet_read_cmd() reads\nless bytes than requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52528",
"url": "https://www.suse.com/security/cve/CVE-2023-52528"
},
{
"category": "external",
"summary": "SUSE Bug 1220843 for CVE-2023-52528",
"url": "https://bugzilla.suse.com/1220843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52528"
},
{
"cve": "CVE-2023-52529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52529"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: sony: Fix a potential memory leak in sony_probe()\n\nIf an error occurs after a successful usb_alloc_urb() call, usb_free_urb()\nshould be called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52529",
"url": "https://www.suse.com/security/cve/CVE-2023-52529"
},
{
"category": "external",
"summary": "SUSE Bug 1220929 for CVE-2023-52529",
"url": "https://bugzilla.suse.com/1220929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52529"
},
{
"cve": "CVE-2023-52532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52532"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix TX CQE error handling\n\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\n\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52532",
"url": "https://www.suse.com/security/cve/CVE-2023-52532"
},
{
"category": "external",
"summary": "SUSE Bug 1220932 for CVE-2023-52532",
"url": "https://bugzilla.suse.com/1220932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52532"
},
{
"cve": "CVE-2023-52564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52564"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"tty: n_gsm: fix UAF in gsm_cleanup_mux\"\n\nThis reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239.\n\nThe commit above is reverted as it did not solve the original issue.\n\ngsm_cleanup_mux() tries to free up the virtual ttys by calling\ngsm_dlci_release() for each available DLCI. There, dlci_put() is called to\ndecrease the reference counter for the DLCI via tty_port_put() which\nfinally calls gsm_dlci_free(). This already clears the pointer which is\nbeing checked in gsm_cleanup_mux() before calling gsm_dlci_release().\nTherefore, it is not necessary to clear this pointer in gsm_cleanup_mux()\nas done in the reverted commit. The commit introduces a null pointer\ndereference:\n \u003cTASK\u003e\n ? __die+0x1f/0x70\n ? page_fault_oops+0x156/0x420\n ? search_exception_tables+0x37/0x50\n ? fixup_exception+0x21/0x310\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? tty_port_put+0x19/0xa0\n gsmtty_cleanup+0x29/0x80 [n_gsm]\n release_one_tty+0x37/0xe0\n process_one_work+0x1e6/0x3e0\n worker_thread+0x4c/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe1/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe actual issue is that nothing guards dlci_put() from being called\nmultiple times while the tty driver was triggered but did not yet finished\ncalling gsm_dlci_free().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52564",
"url": "https://www.suse.com/security/cve/CVE-2023-52564"
},
{
"category": "external",
"summary": "SUSE Bug 1220938 for CVE-2023-52564",
"url": "https://bugzilla.suse.com/1220938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52564"
},
{
"cve": "CVE-2023-52566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential use after free in nilfs_gccache_submit_read_data()\n\nIn nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the\nreference count of bh when the call to nilfs_dat_translate() fails. If\nthe reference count hits 0 and its owner page gets unlocked, bh may be\nfreed. However, bh-\u003eb_page is dereferenced to put the page after that,\nwhich may result in a use-after-free bug. This patch moves the release\noperation after unlocking and putting the page.\n\nNOTE: The function in question is only called in GC, and in combination\nwith current userland tools, address translation using DAT does not occur\nin that function, so the code path that causes this issue will not be\nexecuted. However, it is possible to run that code path by intentionally\nmodifying the userland GC library or by calling the GC ioctl directly.\n\n[konishi.ryusuke@gmail.com: NOTE added to the commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52566",
"url": "https://www.suse.com/security/cve/CVE-2023-52566"
},
{
"category": "external",
"summary": "SUSE Bug 1220940 for CVE-2023-52566",
"url": "https://bugzilla.suse.com/1220940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52566"
},
{
"cve": "CVE-2023-52567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52567"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_port: Check IRQ data before use\n\nIn case the leaf driver wants to use IRQ polling (irq = 0) and\nIIR register shows that an interrupt happened in the 8250 hardware\nthe IRQ data can be NULL. In such a case we need to skip the wake\nevent as we came to this path from the timer interrupt and quite\nlikely system is already awake.\n\nWithout this fix we have got an Oops:\n\n serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A\n ...\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n RIP: 0010:serial8250_handle_irq+0x7c/0x240\n Call Trace:\n ? serial8250_handle_irq+0x7c/0x240\n ? __pfx_serial8250_timeout+0x10/0x10",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52567",
"url": "https://www.suse.com/security/cve/CVE-2023-52567"
},
{
"category": "external",
"summary": "SUSE Bug 1220839 for CVE-2023-52567",
"url": "https://bugzilla.suse.com/1220839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "low"
}
],
"title": "CVE-2023-52567"
},
{
"cve": "CVE-2023-52569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52569"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node\u0027s tree, we can just release all the resources we\nhave allocated/acquired before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52569",
"url": "https://www.suse.com/security/cve/CVE-2023-52569"
},
{
"category": "external",
"summary": "SUSE Bug 1220918 for CVE-2023-52569",
"url": "https://bugzilla.suse.com/1220918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52569"
},
{
"cve": "CVE-2023-52574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix null-ptr-deref when team device type is changed\n\nGet a null-ptr-deref bug as follows with reproducer [1].\n\nBUG: kernel NULL pointer dereference, address: 0000000000000228\n...\nRIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x150\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? vlan_dev_hard_header+0x35/0x140 [8021q]\n ? vlan_dev_hard_header+0x8e/0x140 [8021q]\n neigh_connected_output+0xb2/0x100\n ip6_finish_output2+0x1cb/0x520\n ? nf_hook_slow+0x43/0xc0\n ? ip6_mtu+0x46/0x80\n ip6_finish_output+0x2a/0xb0\n mld_sendpack+0x18f/0x250\n mld_ifc_work+0x39/0x160\n process_one_work+0x1e6/0x3f0\n worker_thread+0x4d/0x2f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n\n[1]\n$ teamd -t team0 -d -c \u0027{\"runner\": {\"name\": \"loadbalance\"}}\u0027\n$ ip link add name t-dummy type dummy\n$ ip link add link t-dummy name t-dummy.100 type vlan id 100\n$ ip link add name t-nlmon type nlmon\n$ ip link set t-nlmon master team0\n$ ip link set t-nlmon nomaster\n$ ip link set t-dummy up\n$ ip link set team0 up\n$ ip link set t-dummy.100 down\n$ ip link set t-dummy.100 master team0\n\nWhen enslave a vlan device to team device and team device type is changed\nfrom non-ether to ether, header_ops of team device is changed to\nvlan_header_ops. That is incorrect and will trigger null-ptr-deref\nfor vlan-\u003ereal_dev in vlan_dev_hard_header() because team device is not\na vlan device.\n\nCache eth_header_ops in team_setup(), then assign cached header_ops to\nheader_ops of team net device when its type is changed from non-ether\nto ether to fix the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52574",
"url": "https://www.suse.com/security/cve/CVE-2023-52574"
},
{
"category": "external",
"summary": "SUSE Bug 1220870 for CVE-2023-52574",
"url": "https://bugzilla.suse.com/1220870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52574"
},
{
"cve": "CVE-2023-52575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52575"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52575",
"url": "https://www.suse.com/security/cve/CVE-2023-52575"
},
{
"category": "external",
"summary": "SUSE Bug 1220871 for CVE-2023-52575",
"url": "https://bugzilla.suse.com/1220871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52575"
},
{
"cve": "CVE-2023-52576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()\n\nThe code calling ima_free_kexec_buffer() runs long after the memblock\nallocator has already been torn down, potentially resulting in a use\nafter free in memblock_isolate_range().\n\nWith KASAN or KFENCE, this use after free will result in a BUG\nfrom the idle task, and a subsequent kernel panic.\n\nSwitch ima_free_kexec_buffer() over to memblock_free_late() to avoid\nthat bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52576",
"url": "https://www.suse.com/security/cve/CVE-2023-52576"
},
{
"category": "external",
"summary": "SUSE Bug 1220872 for CVE-2023-52576",
"url": "https://bugzilla.suse.com/1220872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52576"
},
{
"cve": "CVE-2023-52582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only call folio_start_fscache() one time for each folio\n\nIf a network filesystem using netfs implements a clamp_length()\nfunction, it can set subrequest lengths smaller than a page size.\n\nWhen we loop through the folios in netfs_rreq_unlock_folios() to\nset any folios to be written back, we need to make sure we only\ncall folio_start_fscache() once for each folio.\n\nOtherwise, this simple testcase:\n\n mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs\n dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1\n 1+0 records in\n 1+0 records out\n 4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s\n echo 3 \u003e /proc/sys/vm/drop_caches\n cat /mnt/nfs/file.bin \u003e /dev/null\n\nwill trigger an oops similar to the following:\n\n page dumped because: VM_BUG_ON_FOLIO(folio_test_private_2(folio))\n ------------[ cut here ]------------\n kernel BUG at include/linux/netfs.h:44!\n ...\n CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5\n ...\n RIP: 0010:netfs_rreq_unlock_folios+0x68e/0x730 [netfs]\n ...\n Call Trace:\n netfs_rreq_assess+0x497/0x660 [netfs]\n netfs_subreq_terminated+0x32b/0x610 [netfs]\n nfs_netfs_read_completion+0x14e/0x1a0 [nfs]\n nfs_read_completion+0x2f9/0x330 [nfs]\n rpc_free_task+0x72/0xa0 [sunrpc]\n rpc_async_release+0x46/0x70 [sunrpc]\n process_one_work+0x3bd/0x710\n worker_thread+0x89/0x610\n kthread+0x181/0x1c0\n ret_from_fork+0x29/0x50",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52582",
"url": "https://www.suse.com/security/cve/CVE-2023-52582"
},
{
"category": "external",
"summary": "SUSE Bug 1220878 for CVE-2023-52582",
"url": "https://bugzilla.suse.com/1220878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52582"
},
{
"cve": "CVE-2023-52583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let\u0027s just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52583",
"url": "https://www.suse.com/security/cve/CVE-2023-52583"
},
{
"category": "external",
"summary": "SUSE Bug 1221058 for CVE-2023-52583",
"url": "https://bugzilla.suse.com/1221058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52583"
},
{
"cve": "CVE-2023-52597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52597",
"url": "https://www.suse.com/security/cve/CVE-2023-52597"
},
{
"category": "external",
"summary": "SUSE Bug 1221040 for CVE-2023-52597",
"url": "https://bugzilla.suse.com/1221040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52597"
},
{
"cve": "CVE-2023-52605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52605"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52605",
"url": "https://www.suse.com/security/cve/CVE-2023-52605"
},
{
"category": "external",
"summary": "SUSE Bug 1221039 for CVE-2023-52605",
"url": "https://bugzilla.suse.com/1221039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52605"
},
{
"cve": "CVE-2023-52621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() before calling bpf map helpers\n\nThese three bpf_map_{lookup,update,delete}_elem() helpers are also\navailable for sleepable bpf program, so add the corresponding lock\nassertion for sleepable bpf program, otherwise the following warning\nwill be reported when a sleepable bpf program manipulates bpf map under\ninterpreter mode (aka bpf_jit_enable=0):\n\n WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......\n CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:bpf_map_lookup_elem+0x54/0x60\n ......\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa5/0x240\n ? bpf_map_lookup_elem+0x54/0x60\n ? report_bug+0x1ba/0x1f0\n ? handle_bug+0x40/0x80\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1b/0x20\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ? rcu_lockdep_current_cpu_online+0x65/0xb0\n ? rcu_is_watching+0x23/0x50\n ? bpf_map_lookup_elem+0x54/0x60\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ___bpf_prog_run+0x513/0x3b70\n __bpf_prog_run32+0x9d/0xd0\n ? __bpf_prog_enter_sleepable_recur+0xad/0x120\n ? __bpf_prog_enter_sleepable_recur+0x3e/0x120\n bpf_trampoline_6442580665+0x4d/0x1000\n __x64_sys_getpgid+0x5/0x30\n ? do_syscall_64+0x36/0xb0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52621",
"url": "https://www.suse.com/security/cve/CVE-2023-52621"
},
{
"category": "external",
"summary": "SUSE Bug 1222073 for CVE-2023-52621",
"url": "https://bugzilla.suse.com/1222073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-52621"
},
{
"cve": "CVE-2024-25742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25742",
"url": "https://www.suse.com/security/cve/CVE-2024-25742"
},
{
"category": "external",
"summary": "SUSE Bug 1221725 for CVE-2024-25742",
"url": "https://bugzilla.suse.com/1221725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-25742"
},
{
"cve": "CVE-2024-26600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26600",
"url": "https://www.suse.com/security/cve/CVE-2024-26600"
},
{
"category": "external",
"summary": "SUSE Bug 1220340 for CVE-2024-26600",
"url": "https://bugzilla.suse.com/1220340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.76.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.76.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-16T16:04:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-26600"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…