suse-su-2024:1647-1
Vulnerability from csaf_suse
Published
2024-05-14 14:30
Modified
2024-05-14 14:30
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
Patchnames
SUSE-2024-1647,SUSE-SLE-Micro-5.3-2024-1647,SUSE-SLE-Micro-5.4-2024-1647,openSUSE-Leap-Micro-5.3-2024-1647,openSUSE-Leap-Micro-5.4-2024-1647
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).\n- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).\n- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).\n- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).\n- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).\n- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb-\u003emac_header (bsc#1223513).\n- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).\n- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).\n- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).\n- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).\n- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).\n- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).\n- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).\n- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).\n- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).\n- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).\n- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).\n- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).\n- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).\n- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).\n- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).\n- CVE-2024-26614: Fixed the initialization of accept_queue\u0027s spinlocks (bsc#1221293).\n- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).\n- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).\n- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).\n\n\nThe following non-security bugs were fixed:\n\n- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).\n- ibmvfc: make \u0027max_sectors\u0027 a module option (bsc#1216223).\n- scsi: Update max_hw_sectors on rescan (bsc#1216223).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1647,SUSE-SLE-Micro-5.3-2024-1647,SUSE-SLE-Micro-5.4-2024-1647,openSUSE-Leap-Micro-5.3-2024-1647,openSUSE-Leap-Micro-5.4-2024-1647",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1647-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1647-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241647-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1647-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035260.html"
},
{
"category": "self",
"summary": "SUSE Bug 1190576",
"url": "https://bugzilla.suse.com/1190576"
},
{
"category": "self",
"summary": "SUSE Bug 1192145",
"url": "https://bugzilla.suse.com/1192145"
},
{
"category": "self",
"summary": "SUSE Bug 1192354",
"url": "https://bugzilla.suse.com/1192354"
},
{
"category": "self",
"summary": "SUSE Bug 1192837",
"url": "https://bugzilla.suse.com/1192837"
},
{
"category": "self",
"summary": "SUSE Bug 1193629",
"url": "https://bugzilla.suse.com/1193629"
},
{
"category": "self",
"summary": "SUSE Bug 1203906",
"url": "https://bugzilla.suse.com/1203906"
},
{
"category": "self",
"summary": "SUSE Bug 1203935",
"url": "https://bugzilla.suse.com/1203935"
},
{
"category": "self",
"summary": "SUSE Bug 1204614",
"url": "https://bugzilla.suse.com/1204614"
},
{
"category": "self",
"summary": "SUSE Bug 1206881",
"url": "https://bugzilla.suse.com/1206881"
},
{
"category": "self",
"summary": "SUSE Bug 1209657",
"url": "https://bugzilla.suse.com/1209657"
},
{
"category": "self",
"summary": "SUSE Bug 1215221",
"url": "https://bugzilla.suse.com/1215221"
},
{
"category": "self",
"summary": "SUSE Bug 1216223",
"url": "https://bugzilla.suse.com/1216223"
},
{
"category": "self",
"summary": "SUSE Bug 1218336",
"url": "https://bugzilla.suse.com/1218336"
},
{
"category": "self",
"summary": "SUSE Bug 1218479",
"url": "https://bugzilla.suse.com/1218479"
},
{
"category": "self",
"summary": "SUSE Bug 1218562",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "self",
"summary": "SUSE Bug 1219104",
"url": "https://bugzilla.suse.com/1219104"
},
{
"category": "self",
"summary": "SUSE Bug 1219126",
"url": "https://bugzilla.suse.com/1219126"
},
{
"category": "self",
"summary": "SUSE Bug 1219169",
"url": "https://bugzilla.suse.com/1219169"
},
{
"category": "self",
"summary": "SUSE Bug 1219170",
"url": "https://bugzilla.suse.com/1219170"
},
{
"category": "self",
"summary": "SUSE Bug 1219264",
"url": "https://bugzilla.suse.com/1219264"
},
{
"category": "self",
"summary": "SUSE Bug 1220342",
"url": "https://bugzilla.suse.com/1220342"
},
{
"category": "self",
"summary": "SUSE Bug 1220703",
"url": "https://bugzilla.suse.com/1220703"
},
{
"category": "self",
"summary": "SUSE Bug 1220761",
"url": "https://bugzilla.suse.com/1220761"
},
{
"category": "self",
"summary": "SUSE Bug 1220883",
"url": "https://bugzilla.suse.com/1220883"
},
{
"category": "self",
"summary": "SUSE Bug 1221044",
"url": "https://bugzilla.suse.com/1221044"
},
{
"category": "self",
"summary": "SUSE Bug 1221061",
"url": "https://bugzilla.suse.com/1221061"
},
{
"category": "self",
"summary": "SUSE Bug 1221088",
"url": "https://bugzilla.suse.com/1221088"
},
{
"category": "self",
"summary": "SUSE Bug 1221293",
"url": "https://bugzilla.suse.com/1221293"
},
{
"category": "self",
"summary": "SUSE Bug 1221299",
"url": "https://bugzilla.suse.com/1221299"
},
{
"category": "self",
"summary": "SUSE Bug 1221612",
"url": "https://bugzilla.suse.com/1221612"
},
{
"category": "self",
"summary": "SUSE Bug 1221830",
"url": "https://bugzilla.suse.com/1221830"
},
{
"category": "self",
"summary": "SUSE Bug 1222117",
"url": "https://bugzilla.suse.com/1222117"
},
{
"category": "self",
"summary": "SUSE Bug 1222422",
"url": "https://bugzilla.suse.com/1222422"
},
{
"category": "self",
"summary": "SUSE Bug 1222430",
"url": "https://bugzilla.suse.com/1222430"
},
{
"category": "self",
"summary": "SUSE Bug 1222435",
"url": "https://bugzilla.suse.com/1222435"
},
{
"category": "self",
"summary": "SUSE Bug 1222482",
"url": "https://bugzilla.suse.com/1222482"
},
{
"category": "self",
"summary": "SUSE Bug 1222503",
"url": "https://bugzilla.suse.com/1222503"
},
{
"category": "self",
"summary": "SUSE Bug 1222536",
"url": "https://bugzilla.suse.com/1222536"
},
{
"category": "self",
"summary": "SUSE Bug 1222559",
"url": "https://bugzilla.suse.com/1222559"
},
{
"category": "self",
"summary": "SUSE Bug 1222585",
"url": "https://bugzilla.suse.com/1222585"
},
{
"category": "self",
"summary": "SUSE Bug 1222618",
"url": "https://bugzilla.suse.com/1222618"
},
{
"category": "self",
"summary": "SUSE Bug 1222624",
"url": "https://bugzilla.suse.com/1222624"
},
{
"category": "self",
"summary": "SUSE Bug 1222660",
"url": "https://bugzilla.suse.com/1222660"
},
{
"category": "self",
"summary": "SUSE Bug 1222662",
"url": "https://bugzilla.suse.com/1222662"
},
{
"category": "self",
"summary": "SUSE Bug 1222664",
"url": "https://bugzilla.suse.com/1222664"
},
{
"category": "self",
"summary": "SUSE Bug 1222666",
"url": "https://bugzilla.suse.com/1222666"
},
{
"category": "self",
"summary": "SUSE Bug 1222671",
"url": "https://bugzilla.suse.com/1222671"
},
{
"category": "self",
"summary": "SUSE Bug 1222703",
"url": "https://bugzilla.suse.com/1222703"
},
{
"category": "self",
"summary": "SUSE Bug 1222704",
"url": "https://bugzilla.suse.com/1222704"
},
{
"category": "self",
"summary": "SUSE Bug 1222706",
"url": "https://bugzilla.suse.com/1222706"
},
{
"category": "self",
"summary": "SUSE Bug 1222709",
"url": "https://bugzilla.suse.com/1222709"
},
{
"category": "self",
"summary": "SUSE Bug 1222721",
"url": "https://bugzilla.suse.com/1222721"
},
{
"category": "self",
"summary": "SUSE Bug 1222726",
"url": "https://bugzilla.suse.com/1222726"
},
{
"category": "self",
"summary": "SUSE Bug 1222773",
"url": "https://bugzilla.suse.com/1222773"
},
{
"category": "self",
"summary": "SUSE Bug 1222776",
"url": "https://bugzilla.suse.com/1222776"
},
{
"category": "self",
"summary": "SUSE Bug 1222785",
"url": "https://bugzilla.suse.com/1222785"
},
{
"category": "self",
"summary": "SUSE Bug 1222787",
"url": "https://bugzilla.suse.com/1222787"
},
{
"category": "self",
"summary": "SUSE Bug 1222790",
"url": "https://bugzilla.suse.com/1222790"
},
{
"category": "self",
"summary": "SUSE Bug 1222791",
"url": "https://bugzilla.suse.com/1222791"
},
{
"category": "self",
"summary": "SUSE Bug 1222792",
"url": "https://bugzilla.suse.com/1222792"
},
{
"category": "self",
"summary": "SUSE Bug 1222796",
"url": "https://bugzilla.suse.com/1222796"
},
{
"category": "self",
"summary": "SUSE Bug 1222824",
"url": "https://bugzilla.suse.com/1222824"
},
{
"category": "self",
"summary": "SUSE Bug 1222829",
"url": "https://bugzilla.suse.com/1222829"
},
{
"category": "self",
"summary": "SUSE Bug 1222832",
"url": "https://bugzilla.suse.com/1222832"
},
{
"category": "self",
"summary": "SUSE Bug 1222836",
"url": "https://bugzilla.suse.com/1222836"
},
{
"category": "self",
"summary": "SUSE Bug 1222838",
"url": "https://bugzilla.suse.com/1222838"
},
{
"category": "self",
"summary": "SUSE Bug 1222866",
"url": "https://bugzilla.suse.com/1222866"
},
{
"category": "self",
"summary": "SUSE Bug 1222867",
"url": "https://bugzilla.suse.com/1222867"
},
{
"category": "self",
"summary": "SUSE Bug 1222869",
"url": "https://bugzilla.suse.com/1222869"
},
{
"category": "self",
"summary": "SUSE Bug 1222876",
"url": "https://bugzilla.suse.com/1222876"
},
{
"category": "self",
"summary": "SUSE Bug 1222878",
"url": "https://bugzilla.suse.com/1222878"
},
{
"category": "self",
"summary": "SUSE Bug 1222879",
"url": "https://bugzilla.suse.com/1222879"
},
{
"category": "self",
"summary": "SUSE Bug 1222881",
"url": "https://bugzilla.suse.com/1222881"
},
{
"category": "self",
"summary": "SUSE Bug 1222883",
"url": "https://bugzilla.suse.com/1222883"
},
{
"category": "self",
"summary": "SUSE Bug 1222888",
"url": "https://bugzilla.suse.com/1222888"
},
{
"category": "self",
"summary": "SUSE Bug 1222894",
"url": "https://bugzilla.suse.com/1222894"
},
{
"category": "self",
"summary": "SUSE Bug 1222901",
"url": "https://bugzilla.suse.com/1222901"
},
{
"category": "self",
"summary": "SUSE Bug 1223016",
"url": "https://bugzilla.suse.com/1223016"
},
{
"category": "self",
"summary": "SUSE Bug 1223187",
"url": "https://bugzilla.suse.com/1223187"
},
{
"category": "self",
"summary": "SUSE Bug 1223380",
"url": "https://bugzilla.suse.com/1223380"
},
{
"category": "self",
"summary": "SUSE Bug 1223474",
"url": "https://bugzilla.suse.com/1223474"
},
{
"category": "self",
"summary": "SUSE Bug 1223475",
"url": "https://bugzilla.suse.com/1223475"
},
{
"category": "self",
"summary": "SUSE Bug 1223477",
"url": "https://bugzilla.suse.com/1223477"
},
{
"category": "self",
"summary": "SUSE Bug 1223479",
"url": "https://bugzilla.suse.com/1223479"
},
{
"category": "self",
"summary": "SUSE Bug 1223482",
"url": "https://bugzilla.suse.com/1223482"
},
{
"category": "self",
"summary": "SUSE Bug 1223484",
"url": "https://bugzilla.suse.com/1223484"
},
{
"category": "self",
"summary": "SUSE Bug 1223487",
"url": "https://bugzilla.suse.com/1223487"
},
{
"category": "self",
"summary": "SUSE Bug 1223503",
"url": "https://bugzilla.suse.com/1223503"
},
{
"category": "self",
"summary": "SUSE Bug 1223505",
"url": "https://bugzilla.suse.com/1223505"
},
{
"category": "self",
"summary": "SUSE Bug 1223509",
"url": "https://bugzilla.suse.com/1223509"
},
{
"category": "self",
"summary": "SUSE Bug 1223513",
"url": "https://bugzilla.suse.com/1223513"
},
{
"category": "self",
"summary": "SUSE Bug 1223516",
"url": "https://bugzilla.suse.com/1223516"
},
{
"category": "self",
"summary": "SUSE Bug 1223517",
"url": "https://bugzilla.suse.com/1223517"
},
{
"category": "self",
"summary": "SUSE Bug 1223518",
"url": "https://bugzilla.suse.com/1223518"
},
{
"category": "self",
"summary": "SUSE Bug 1223519",
"url": "https://bugzilla.suse.com/1223519"
},
{
"category": "self",
"summary": "SUSE Bug 1223522",
"url": "https://bugzilla.suse.com/1223522"
},
{
"category": "self",
"summary": "SUSE Bug 1223523",
"url": "https://bugzilla.suse.com/1223523"
},
{
"category": "self",
"summary": "SUSE Bug 1223705",
"url": "https://bugzilla.suse.com/1223705"
},
{
"category": "self",
"summary": "SUSE Bug 1223824",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47047 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47181 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47182 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47183 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47184 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47185 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47187 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47188 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47189 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47192 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47193 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47194 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47199 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47200 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47201 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47202 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47203 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47204 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47205 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47207 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47209 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47210 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47211 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47212 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47215 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47216 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47217 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47218 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47219 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48631 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48637 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48638 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48647 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48648 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48650 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48651 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48653 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48654 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48655 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48656 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48657 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48660 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48662 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48663 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48667 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48668 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0160 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52476 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52500 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52590 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52591 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52607 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52628 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-7042 page",
"url": "https://www.suse.com/security/cve/CVE-2023-7042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-7192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-7192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22099 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23848 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26610 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26614 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26642 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26642/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26687 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26689 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26704 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26739 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26764 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26766 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26773 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26792 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26898 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27043 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27389 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27389/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2024-05-14T14:30:56Z",
"generator": {
"date": "2024-05-14T14:30:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1647-1",
"initial_release_date": "2024-05-14T14:30:56Z",
"revision_history": [
{
"date": "2024-05-14T14:30:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.79.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.79.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.79.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.79.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.79.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.79.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.79.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.79.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.79.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.79.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.79.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.79.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.79.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.79.1.x86_64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails\n\nThe spi controller supports 44-bit address space on AXI in DMA mode,\nso set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.\nIn addition, if dma_map_single fails, it should return immediately\ninstead of continuing doing the DMA operation which bases on invalid\naddress.\n\nThis fixes the following crash which occurs in reading a big block\nfrom flash:\n\n[ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)\n[ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped\n[ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0\n[ 123.792536] Mem abort info:\n[ 123.795313] ESR = 0x96000145\n[ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 123.803655] SET = 0, FnV = 0\n[ 123.806693] EA = 0, S1PTW = 0\n[ 123.809818] Data abort info:\n[ 123.812683] ISV = 0, ISS = 0x00000145\n[ 123.816503] CM = 1, WnR = 1\n[ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000\n[ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000\n[ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47047",
"url": "https://www.suse.com/security/cve/CVE-2021-47047"
},
{
"category": "external",
"summary": "SUSE Bug 1220761 for CVE-2021-47047",
"url": "https://bugzilla.suse.com/1220761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47047"
},
{
"cve": "CVE-2021-47181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: tusb6010: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47181",
"url": "https://www.suse.com/security/cve/CVE-2021-47181"
},
{
"category": "external",
"summary": "SUSE Bug 1222660 for CVE-2021-47181",
"url": "https://bugzilla.suse.com/1222660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47181"
},
{
"cve": "CVE-2021-47182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix scsi_mode_sense() buffer length handling\n\nSeveral problems exist with scsi_mode_sense() buffer length handling:\n\n 1) The allocation length field of the MODE SENSE(10) command is 16-bits,\n occupying bytes 7 and 8 of the CDB. With this command, access to mode\n pages larger than 255 bytes is thus possible. However, the CDB\n allocation length field is set by assigning len to byte 8 only, thus\n truncating buffer length larger than 255.\n\n 2) If scsi_mode_sense() is called with len smaller than 8 with\n sdev-\u003euse_10_for_ms set, or smaller than 4 otherwise, the buffer length\n is increased to 8 and 4 respectively, and the buffer is zero filled\n with these increased values, thus corrupting the memory following the\n buffer.\n\nFix these 2 problems by using put_unaligned_be16() to set the allocation\nlength field of MODE SENSE(10) CDB and by returning an error when len is\ntoo small.\n\nFurthermore, if len is larger than 255B, always try MODE SENSE(10) first,\neven if the device driver did not set sdev-\u003euse_10_for_ms. In case of\ninvalid opcode error for MODE SENSE(10), access to mode pages larger than\n255 bytes are not retried using MODE SENSE(6). To avoid buffer length\noverflows for the MODE_SENSE(10) case, check that len is smaller than 65535\nbytes.\n\nWhile at it, also fix the folowing:\n\n * Use get_unaligned_be16() to retrieve the mode data length and block\n descriptor length fields of the mode sense reply header instead of using\n an open coded calculation.\n\n * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable\n Block Descriptor, which is the opposite of what the dbd argument\n description was.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47182",
"url": "https://www.suse.com/security/cve/CVE-2021-47182"
},
{
"category": "external",
"summary": "SUSE Bug 1222662 for CVE-2021-47182",
"url": "https://bugzilla.suse.com/1222662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47182"
},
{
"cve": "CVE-2021-47183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix link down processing to address NULL pointer dereference\n\nIf an FC link down transition while PLOGIs are outstanding to fabric well\nknown addresses, outstanding ABTS requests may result in a NULL pointer\ndereference. Driver unload requests may hang with repeated \"2878\" log\nmessages.\n\nThe Link down processing results in ABTS requests for outstanding ELS\nrequests. The Abort WQEs are sent for the ELSs before the driver had set\nthe link state to down. Thus the driver is sending the Abort with the\nexpectation that an ABTS will be sent on the wire. The Abort request is\nstalled waiting for the link to come up. In some conditions the driver may\nauto-complete the ELSs thus if the link does come up, the Abort completions\nmay reference an invalid structure.\n\nFix by ensuring that Abort set the flag to avoid link traffic if issued due\nto conditions where the link failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47183",
"url": "https://www.suse.com/security/cve/CVE-2021-47183"
},
{
"category": "external",
"summary": "SUSE Bug 1222664 for CVE-2021-47183",
"url": "https://bugzilla.suse.com/1222664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47183"
},
{
"cve": "CVE-2021-47184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix NULL ptr dereference on VSI filter sync\n\nRemove the reason of null pointer dereference in sync VSI filters.\nAdded new I40E_VSI_RELEASING flag to signalize deleting and releasing\nof VSI resources to sync this thread with sync filters subtask.\nWithout this patch it is possible to start update the VSI filter list\nafter VSI is removed, that\u0027s causing a kernel oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47184",
"url": "https://www.suse.com/security/cve/CVE-2021-47184"
},
{
"category": "external",
"summary": "SUSE Bug 1222666 for CVE-2021-47184",
"url": "https://bugzilla.suse.com/1222666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47184"
},
{
"cve": "CVE-2021-47185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: tty_buffer: Fix the softlockup issue in flush_to_ldisc\n\nWhen running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,\nwhich look like this one:\n\n Workqueue: events_unbound flush_to_ldisc\n Call trace:\n dump_backtrace+0x0/0x1ec\n show_stack+0x24/0x30\n dump_stack+0xd0/0x128\n panic+0x15c/0x374\n watchdog_timer_fn+0x2b8/0x304\n __run_hrtimer+0x88/0x2c0\n __hrtimer_run_queues+0xa4/0x120\n hrtimer_interrupt+0xfc/0x270\n arch_timer_handler_phys+0x40/0x50\n handle_percpu_devid_irq+0x94/0x220\n __handle_domain_irq+0x88/0xf0\n gic_handle_irq+0x84/0xfc\n el1_irq+0xc8/0x180\n slip_unesc+0x80/0x214 [slip]\n tty_ldisc_receive_buf+0x64/0x80\n tty_port_default_receive_buf+0x50/0x90\n flush_to_ldisc+0xbc/0x110\n process_one_work+0x1d4/0x4b0\n worker_thread+0x180/0x430\n kthread+0x11c/0x120\n\nIn the testcase pty04, The first process call the write syscall to send\ndata to the pty master. At the same time, the workqueue will do the\nflush_to_ldisc to pop data in a loop until there is no more data left.\nWhen the sender and workqueue running in different core, the sender sends\ndata fastly in full time which will result in workqueue doing work in loop\nfor a long time and occuring softlockup in flush_to_ldisc with kernel\nconfigured without preempt. So I add need_resched check and cond_resched\nin the flush_to_ldisc loop to avoid it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47185",
"url": "https://www.suse.com/security/cve/CVE-2021-47185"
},
{
"category": "external",
"summary": "SUSE Bug 1222669 for CVE-2021-47185",
"url": "https://bugzilla.suse.com/1222669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47185"
},
{
"cve": "CVE-2021-47187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency\n\nThe entry/exit latency and minimum residency in state for the idle\nstates of MSM8998 were ..bad: first of all, for all of them the\ntimings were written for CPU sleep but the min-residency-us param\nwas miscalculated (supposedly, while porting this from downstream);\nThen, the power collapse states are setting PC on both the CPU\ncluster *and* the L2 cache, which have different timings: in the\nspecific case of L2 the times are higher so these ones should be\ntaken into account instead of the CPU ones.\n\nThis parameter misconfiguration was not giving particular issues\nbecause on MSM8998 there was no CPU scaling at all, so cluster/L2\npower collapse was rarely (if ever) hit.\nWhen CPU scaling is enabled, though, the wrong timings will produce\nSoC unstability shown to the user as random, apparently error-less,\nsudden reboots and/or lockups.\n\nThis set of parameters are stabilizing the SoC when CPU scaling is\nON and when power collapse is frequently hit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47187",
"url": "https://www.suse.com/security/cve/CVE-2021-47187"
},
{
"category": "external",
"summary": "SUSE Bug 1222703 for CVE-2021-47187",
"url": "https://bugzilla.suse.com/1222703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47187"
},
{
"cve": "CVE-2021-47188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Improve SCSI abort handling\n\nThe following has been observed on a test setup:\n\nWARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c\nCall trace:\n ufshcd_queuecommand+0x468/0x65c\n scsi_send_eh_cmnd+0x224/0x6a0\n scsi_eh_test_devices+0x248/0x418\n scsi_eh_ready_devs+0xc34/0xe58\n scsi_error_handler+0x204/0x80c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nThat warning is triggered by the following statement:\n\n\tWARN_ON(lrbp-\u003ecmd);\n\nFix this warning by clearing lrbp-\u003ecmd from the abort handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47188",
"url": "https://www.suse.com/security/cve/CVE-2021-47188"
},
{
"category": "external",
"summary": "SUSE Bug 1222671 for CVE-2021-47188",
"url": "https://bugzilla.suse.com/1222671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47188"
},
{
"cve": "CVE-2021-47189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory ordering between normal and ordered work functions\n\nOrdered work functions aren\u0027t guaranteed to be handled by the same thread\nwhich executed the normal work functions. The only way execution between\nnormal/ordered functions is synchronized is via the WORK_DONE_BIT,\nunfortunately the used bitops don\u0027t guarantee any ordering whatsoever.\n\nThis manifested as seemingly inexplicable crashes on ARM64, where\nasync_chunk::inode is seen as non-null in async_cow_submit which causes\nsubmit_compressed_extents to be called and crash occurs because\nasync_chunk::inode suddenly became NULL. The call trace was similar to:\n\n pc : submit_compressed_extents+0x38/0x3d0\n lr : async_cow_submit+0x50/0xd0\n sp : ffff800015d4bc20\n\n \u003cregisters omitted for brevity\u003e\n\n Call trace:\n submit_compressed_extents+0x38/0x3d0\n async_cow_submit+0x50/0xd0\n run_ordered_work+0xc8/0x280\n btrfs_work_helper+0x98/0x250\n process_one_work+0x1f0/0x4ac\n worker_thread+0x188/0x504\n kthread+0x110/0x114\n ret_from_fork+0x10/0x18\n\nFix this by adding respective barrier calls which ensure that all\naccesses preceding setting of WORK_DONE_BIT are strictly ordered before\nsetting the flag. At the same time add a read barrier after reading of\nWORK_DONE_BIT in run_ordered_work which ensures all subsequent loads\nwould be strictly ordered after reading the bit. This in turn ensures\nare all accesses before WORK_DONE_BIT are going to be strictly ordered\nbefore any access that can occur in ordered_func.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47189",
"url": "https://www.suse.com/security/cve/CVE-2021-47189"
},
{
"category": "external",
"summary": "SUSE Bug 1222706 for CVE-2021-47189",
"url": "https://bugzilla.suse.com/1222706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47189"
},
{
"cve": "CVE-2021-47191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47191"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_readcap16()\n\nThe following warning was observed running syzkaller:\n\n[ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in;\n[ 3813.830724] program syz-executor not setting count and/or reply_len properly\n[ 3813.836956] ==================================================================\n[ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0\n[ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549\n[ 3813.846612] Call Trace:\n[ 3813.846995] dump_stack+0x108/0x15f\n[ 3813.847524] print_address_description+0xa5/0x372\n[ 3813.848243] kasan_report.cold+0x236/0x2a8\n[ 3813.849439] check_memory_region+0x240/0x270\n[ 3813.850094] memcpy+0x30/0x80\n[ 3813.850553] sg_copy_buffer+0x157/0x1e0\n[ 3813.853032] sg_copy_from_buffer+0x13/0x20\n[ 3813.853660] fill_from_dev_buffer+0x135/0x370\n[ 3813.854329] resp_readcap16+0x1ac/0x280\n[ 3813.856917] schedule_resp+0x41f/0x1630\n[ 3813.858203] scsi_debug_queuecommand+0xb32/0x17e0\n[ 3813.862699] scsi_dispatch_cmd+0x330/0x950\n[ 3813.863329] scsi_request_fn+0xd8e/0x1710\n[ 3813.863946] __blk_run_queue+0x10b/0x230\n[ 3813.864544] blk_execute_rq_nowait+0x1d8/0x400\n[ 3813.865220] sg_common_write.isra.0+0xe61/0x2420\n[ 3813.871637] sg_write+0x6c8/0xef0\n[ 3813.878853] __vfs_write+0xe4/0x800\n[ 3813.883487] vfs_write+0x17b/0x530\n[ 3813.884008] ksys_write+0x103/0x270\n[ 3813.886268] __x64_sys_write+0x77/0xc0\n[ 3813.886841] do_syscall_64+0x106/0x360\n[ 3813.887415] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nThis issue can be reproduced with the following syzkaller log:\n\nr0 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x26e1, 0x0)\nr1 = syz_open_procfs(0xffffffffffffffff, \u0026(0x7f0000000000)=\u0027fd/3\\x00\u0027)\nopen_by_handle_at(r1, \u0026(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000)\nr2 = syz_open_dev$sg(\u0026(0x7f0000000000), 0x0, 0x40782)\nwrite$binfmt_aout(r2, \u0026(0x7f0000000340)=ANY=[@ANYBLOB=\"00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d\"], 0x126)\n\nIn resp_readcap16() we get \"int alloc_len\" value -1104926854, and then pass\nthe huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This\nleads to OOB in sg_copy_buffer().\n\nTo solve this issue, define alloc_len as u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47191",
"url": "https://www.suse.com/security/cve/CVE-2021-47191"
},
{
"category": "external",
"summary": "SUSE Bug 1222866 for CVE-2021-47191",
"url": "https://bugzilla.suse.com/1222866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47191"
},
{
"cve": "CVE-2021-47192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: sysfs: Fix hang when device state is set via sysfs\n\nThis fixes a regression added with:\n\ncommit f0f82e2476f6 (\"scsi: core: Fix capacity set to zero after\nofflinining device\")\n\nThe problem is that after iSCSI recovery, iscsid will call into the kernel\nto set the dev\u0027s state to running, and with that patch we now call\nscsi_rescan_device() with the state_mutex held. If the SCSI error handler\nthread is just starting to test the device in scsi_send_eh_cmnd() then it\u0027s\ngoing to try to grab the state_mutex.\n\nWe are then stuck, because when scsi_rescan_device() tries to send its I/O\nscsi_queue_rq() calls -\u003e scsi_host_queue_ready() -\u003e scsi_host_in_recovery()\nwhich will return true (the host state is still in recovery) and I/O will\njust be requeued. scsi_send_eh_cmnd() will then never be able to grab the\nstate_mutex to finish error handling.\n\nTo prevent the deadlock move the rescan-related code to after we drop the\nstate_mutex.\n\nThis also adds a check for if we are already in the running state. This\nprevents extra scans and helps the iscsid case where if the transport class\nhas already onlined the device during its recovery process then we don\u0027t\nneed userspace to do it again plus possibly block that daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47192",
"url": "https://www.suse.com/security/cve/CVE-2021-47192"
},
{
"category": "external",
"summary": "SUSE Bug 1222867 for CVE-2021-47192",
"url": "https://bugzilla.suse.com/1222867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47192"
},
{
"cve": "CVE-2021-47193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Fix memory leak during rmmod\n\nDriver failed to release all memory allocated. This would lead to memory\nleak during driver removal.\n\nProperly free memory when the module is removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47193",
"url": "https://www.suse.com/security/cve/CVE-2021-47193"
},
{
"category": "external",
"summary": "SUSE Bug 1222879 for CVE-2021-47193",
"url": "https://bugzilla.suse.com/1222879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47193"
},
{
"cve": "CVE-2021-47194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncfg80211: call cfg80211_stop_ap when switch from P2P_GO type\n\nIf the userspace tools switch from NL80211_IFTYPE_P2P_GO to\nNL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it\ndoes not call the cleanup cfg80211_stop_ap(), this leads to the\ninitialization of in-use data. For example, this path re-init the\nsdata-\u003eassigned_chanctx_list while it is still an element of\nassigned_vifs list, and makes that linked list corrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47194",
"url": "https://www.suse.com/security/cve/CVE-2021-47194"
},
{
"category": "external",
"summary": "SUSE Bug 1222829 for CVE-2021-47194",
"url": "https://bugzilla.suse.com/1222829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47194"
},
{
"cve": "CVE-2021-47195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix use-after-free of the add_lock mutex\n\nCommit 6098475d4cb4 (\"spi: Fix deadlock when adding SPI controllers on\nSPI buses\") introduced a per-controller mutex. But mutex_unlock() of\nsaid lock is called after the controller is already freed:\n\n spi_unregister_controller(ctlr)\n -\u003e put_device(\u0026ctlr-\u003edev)\n -\u003e spi_controller_release(dev)\n -\u003e mutex_unlock(\u0026ctrl-\u003eadd_lock)\n\nMove the put_device() after the mutex_unlock().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47195",
"url": "https://www.suse.com/security/cve/CVE-2021-47195"
},
{
"category": "external",
"summary": "SUSE Bug 1222832 for CVE-2021-47195",
"url": "https://bugzilla.suse.com/1222832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47195"
},
{
"cve": "CVE-2021-47196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Set send and receive CQ before forwarding to the driver\n\nPreset both receive and send CQ pointers prior to call to the drivers and\noverwrite it later again till the mlx4 is going to be changed do not\noverwrite ibqp properties.\n\nThis change is needed for mlx5, because in case of QP creation failure, it\nwill go to the path of QP destroy which relies on proper CQ pointers.\n\n BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib]\n Write of size 8 at addr ffff8880064c55c0 by task a.out/246\n\n CPU: 0 PID: 246 Comm: a.out Not tainted 5.15.0+ #291\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n dump_stack_lvl+0x45/0x59\n print_address_description.constprop.0+0x1f/0x140\n kasan_report.cold+0x83/0xdf\n create_qp.cold+0x164/0x16e [mlx5_ib]\n mlx5_ib_create_qp+0x358/0x28a0 [mlx5_ib]\n create_qp.part.0+0x45b/0x6a0 [ib_core]\n ib_create_qp_user+0x97/0x150 [ib_core]\n ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs]\n ib_uverbs_ioctl+0x169/0x260 [ib_uverbs]\n __x64_sys_ioctl+0x866/0x14d0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n Allocated by task 246:\n kasan_save_stack+0x1b/0x40\n __kasan_kmalloc+0xa4/0xd0\n create_qp.part.0+0x92/0x6a0 [ib_core]\n ib_create_qp_user+0x97/0x150 [ib_core]\n ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs]\n ib_uverbs_ioctl+0x169/0x260 [ib_uverbs]\n __x64_sys_ioctl+0x866/0x14d0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n Freed by task 246:\n kasan_save_stack+0x1b/0x40\n kasan_set_track+0x1c/0x30\n kasan_set_free_info+0x20/0x30\n __kasan_slab_free+0x10c/0x150\n slab_free_freelist_hook+0xb4/0x1b0\n kfree+0xe7/0x2a0\n create_qp.part.0+0x52b/0x6a0 [ib_core]\n ib_create_qp_user+0x97/0x150 [ib_core]\n ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs]\n ib_uverbs_ioctl+0x169/0x260 [ib_uverbs]\n __x64_sys_ioctl+0x866/0x14d0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47196",
"url": "https://www.suse.com/security/cve/CVE-2021-47196"
},
{
"category": "external",
"summary": "SUSE Bug 1222773 for CVE-2021-47196",
"url": "https://bugzilla.suse.com/1222773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47196"
},
{
"cve": "CVE-2021-47197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: nullify cq-\u003edbg pointer in mlx5_debug_cq_remove()\n\nPrior to this patch in case mlx5_core_destroy_cq() failed it proceeds\nto rest of destroy operations. mlx5_core_destroy_cq() could be called again\nby user and cause additional call of mlx5_debug_cq_remove().\ncq-\u003edbg was not nullify in previous call and cause the crash.\n\nFix it by nullify cq-\u003edbg pointer after removal.\n\nAlso proceed to destroy operations only if FW return 0\nfor MLX5_CMD_OP_DESTROY_CQ command.\n\ngeneral protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI\nCPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:lockref_get+0x1/0x60\nCode: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02\n00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 \u003c48\u003e 8b 17\n48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48\nRSP: 0018:ffff888137dd7a38 EFLAGS: 00010206\nRAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe\nRDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058\nRBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000\nR13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0\nFS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0\nCall Trace:\n simple_recursive_removal+0x33/0x2e0\n ? debugfs_remove+0x60/0x60\n debugfs_remove+0x40/0x60\n mlx5_debug_cq_remove+0x32/0x70 [mlx5_core]\n mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core]\n devx_obj_cleanup+0x151/0x330 [mlx5_ib]\n ? __pollwait+0xd0/0xd0\n ? xas_load+0x5/0x70\n ? xa_load+0x62/0xa0\n destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs]\n uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs]\n uobj_destroy+0x54/0xa0 [ib_uverbs]\n ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs]\n ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs]\n ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs]\n __x64_sys_ioctl+0x3e4/0x8e0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47197",
"url": "https://www.suse.com/security/cve/CVE-2021-47197"
},
{
"category": "external",
"summary": "SUSE Bug 1222776 for CVE-2021-47197",
"url": "https://bugzilla.suse.com/1222776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47197"
},
{
"cve": "CVE-2021-47198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine\n\nAn error is detected with the following report when unloading the driver:\n \"KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b\"\n\nThe NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the\nflag is not cleared upon completion of the login.\n\nThis allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set\nto LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used\nas an rpi_ids array index.\n\nFix by clearing the NLP_REG_LOGIN_SEND nlp_flag in\nlpfc_mbx_cmpl_fc_reg_login().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47198",
"url": "https://www.suse.com/security/cve/CVE-2021-47198"
},
{
"category": "external",
"summary": "SUSE Bug 1222883 for CVE-2021-47198",
"url": "https://bugzilla.suse.com/1222883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47198"
},
{
"cve": "CVE-2021-47199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47199"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT, Fix multiple allocations and memleak of mod acts\n\nCT clear action offload adds additional mod hdr actions to the\nflow\u0027s original mod actions in order to clear the registers which\nhold ct_state.\nWhen such flow also includes encap action, a neigh update event\ncan cause the driver to unoffload the flow and then reoffload it.\n\nEach time this happens, the ct clear handling adds that same set\nof mod hdr actions to reset ct_state until the max of mod hdr\nactions is reached.\n\nAlso the driver never releases the allocated mod hdr actions and\ncausing a memleak.\n\nFix above two issues by moving CT clear mod acts allocation\ninto the parsing actions phase and only use it when offloading the rule.\nThe release of mod acts will be done in the normal flow_put().\n\n backtrace:\n [\u003c000000007316e2f3\u003e] krealloc+0x83/0xd0\n [\u003c00000000ef157de1\u003e] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core]\n [\u003c00000000970ce4ae\u003e] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core]\n [\u003c0000000067c5fa17\u003e] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core]\n [\u003c00000000d032eb98\u003e] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core]\n [\u003c00000000fd23b869\u003e] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core]\n [\u003c000000004fc24acc\u003e] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core]\n [\u003c00000000dc741c17\u003e] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core]\n [\u003c00000000e92e49d7\u003e] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core]\n [\u003c00000000f60f5602\u003e] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47199",
"url": "https://www.suse.com/security/cve/CVE-2021-47199"
},
{
"category": "external",
"summary": "SUSE Bug 1222785 for CVE-2021-47199",
"url": "https://bugzilla.suse.com/1222785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47199"
},
{
"cve": "CVE-2021-47200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/prime: Fix use after free in mmap with drm_gem_ttm_mmap\n\ndrm_gem_ttm_mmap() drops a reference to the gem object on success. If\nthe gem object\u0027s refcount == 1 on entry to drm_gem_prime_mmap(), that\ndrop will free the gem object, and the subsequent drm_gem_object_get()\nwill be a UAF. Fix by grabbing a reference before calling the mmap\nhelper.\n\nThis issue was forseen when the reference dropping was adding in\ncommit 9786b65bc61ac (\"drm/ttm: fix mmap refcounting\"):\n \"For that to work properly the drm_gem_object_get() call in\n drm_gem_ttm_mmap() must be moved so it happens before calling\n obj-\u003efuncs-\u003emmap(), otherwise the gem refcount would go down\n to zero.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47200",
"url": "https://www.suse.com/security/cve/CVE-2021-47200"
},
{
"category": "external",
"summary": "SUSE Bug 1222838 for CVE-2021-47200",
"url": "https://bugzilla.suse.com/1222838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47200"
},
{
"cve": "CVE-2021-47201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: free q_vectors before queues in iavf_disable_vf\n\niavf_free_queues() clears adapter-\u003enum_active_queues, which\niavf_free_q_vectors() relies on, so swap the order of these two function\ncalls in iavf_disable_vf(). This resolves a panic encountered when the\ninterface is disabled and then later brought up again after PF\ncommunication is restored.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47201",
"url": "https://www.suse.com/security/cve/CVE-2021-47201"
},
{
"category": "external",
"summary": "SUSE Bug 1222792 for CVE-2021-47201",
"url": "https://bugzilla.suse.com/1222792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47201"
},
{
"cve": "CVE-2021-47202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: Fix NULL pointer dereferences in of_thermal_ functions\n\nof_parse_thermal_zones() parses the thermal-zones node and registers a\nthermal_zone device for each subnode. However, if a thermal zone is\nconsuming a thermal sensor and that thermal sensor device hasn\u0027t probed\nyet, an attempt to set trip_point_*_temp for that thermal zone device\ncan cause a NULL pointer dereference. Fix it.\n\n console:/sys/class/thermal/thermal_zone87 # echo 120000 \u003e trip_point_0_temp\n ...\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ...\n Call trace:\n of_thermal_set_trip_temp+0x40/0xc4\n trip_point_temp_store+0xc0/0x1dc\n dev_attr_store+0x38/0x88\n sysfs_kf_write+0x64/0xc0\n kernfs_fop_write_iter+0x108/0x1d0\n vfs_write+0x2f4/0x368\n ksys_write+0x7c/0xec\n __arm64_sys_write+0x20/0x30\n el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc\n do_el0_svc+0x28/0xa0\n el0_svc+0x14/0x24\n el0_sync_handler+0x88/0xec\n el0_sync+0x1c0/0x200\n\nWhile at it, fix the possible NULL pointer dereference in other\nfunctions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),\nof_thermal_get_trend().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47202",
"url": "https://www.suse.com/security/cve/CVE-2021-47202"
},
{
"category": "external",
"summary": "SUSE Bug 1222878 for CVE-2021-47202",
"url": "https://bugzilla.suse.com/1222878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47202"
},
{
"cve": "CVE-2021-47203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\n\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\nthe requests to the adapter. If such an attempt fails, a local \"fail_msg\"\nstring is set and a log message output. The job is then added to a\ncompletions list for cancellation.\n\nProcessing of any further jobs from the txq list continues, but since\n\"fail_msg\" remains set, jobs are added to the completions list regardless\nof whether a wqe was passed to the adapter. If successfully added to\ntxcmplq, jobs are added to both lists resulting in list corruption.\n\nFix by clearing the fail_msg string after adding a job to the completions\nlist. This stops the subsequent jobs from being added to the completions\nlist unless they had an appropriate failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47203",
"url": "https://www.suse.com/security/cve/CVE-2021-47203"
},
{
"category": "external",
"summary": "SUSE Bug 1222881 for CVE-2021-47203",
"url": "https://bugzilla.suse.com/1222881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47203"
},
{
"cve": "CVE-2021-47204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa2-eth: fix use-after-free in dpaa2_eth_remove\n\nAccess to netdev after free_netdev() will cause use-after-free bug.\nMove debug log before free_netdev() call to avoid it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47204",
"url": "https://www.suse.com/security/cve/CVE-2021-47204"
},
{
"category": "external",
"summary": "SUSE Bug 1222787 for CVE-2021-47204",
"url": "https://bugzilla.suse.com/1222787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47204"
},
{
"cve": "CVE-2021-47205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: Unregister clocks/resets when unbinding\n\nCurrently, unbinding a CCU driver unmaps the device\u0027s MMIO region, while\nleaving its clocks/resets and their providers registered. This can cause\na page fault later when some clock operation tries to perform MMIO. Fix\nthis by separating the CCU initialization from the memory allocation,\nand then using a devres callback to unregister the clocks and resets.\n\nThis also fixes a memory leak of the `struct ccu_reset`, and uses the\ncorrect owner (the specific platform driver) for the clocks and resets.\n\nEarly OF clock providers are never unregistered, and limited error\nhandling is possible, so they are mostly unchanged. The error reporting\nis made more consistent by moving the message inside of_sunxi_ccu_probe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47205",
"url": "https://www.suse.com/security/cve/CVE-2021-47205"
},
{
"category": "external",
"summary": "SUSE Bug 1222888 for CVE-2021-47205",
"url": "https://bugzilla.suse.com/1222888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47205"
},
{
"cve": "CVE-2021-47206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-tmio: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47206",
"url": "https://www.suse.com/security/cve/CVE-2021-47206"
},
{
"category": "external",
"summary": "SUSE Bug 1222894 for CVE-2021-47206",
"url": "https://bugzilla.suse.com/1222894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47206"
},
{
"cve": "CVE-2021-47207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: gus: fix null pointer dereference on pointer block\n\nThe pointer block return from snd_gf1_dma_next_block could be\nnull, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47207",
"url": "https://www.suse.com/security/cve/CVE-2021-47207"
},
{
"category": "external",
"summary": "SUSE Bug 1222790 for CVE-2021-47207",
"url": "https://bugzilla.suse.com/1222790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47207"
},
{
"cve": "CVE-2021-47209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Prevent dead task groups from regaining cfs_rq\u0027s\n\nKevin is reporting crashes which point to a use-after-free of a cfs_rq\nin update_blocked_averages(). Initial debugging revealed that we\u0027ve\nlive cfs_rq\u0027s (on_list=1) in an about to be kfree()\u0027d task group in\nfree_fair_sched_group(). However, it was unclear how that can happen.\n\nHis kernel config happened to lead to a layout of struct sched_entity\nthat put the \u0027my_q\u0027 member directly into the middle of the object\nwhich makes it incidentally overlap with SLUB\u0027s freelist pointer.\nThat, in combination with SLAB_FREELIST_HARDENED\u0027s freelist pointer\nmangling, leads to a reliable access violation in form of a #GP which\nmade the UAF fail fast.\n\nMichal seems to have run into the same issue[1]. He already correctly\ndiagnosed that commit a7b359fc6a37 (\"sched/fair: Correctly insert\ncfs_rq\u0027s to list on unthrottle\") is causing the preconditions for the\nUAF to happen by re-adding cfs_rq\u0027s also to task groups that have no\nmore running tasks, i.e. also to dead ones. His analysis, however,\nmisses the real root cause and it cannot be seen from the crash\nbacktrace only, as the real offender is tg_unthrottle_up() getting\ncalled via sched_cfs_period_timer() via the timer interrupt at an\ninconvenient time.\n\nWhen unregister_fair_sched_group() unlinks all cfs_rq\u0027s from the dying\ntask group, it doesn\u0027t protect itself from getting interrupted. If the\ntimer interrupt triggers while we iterate over all CPUs or after\nunregister_fair_sched_group() has finished but prior to unlinking the\ntask group, sched_cfs_period_timer() will execute and walk the list of\ntask groups, trying to unthrottle cfs_rq\u0027s, i.e. re-add them to the\ndying task group. These will later -- in free_fair_sched_group() -- be\nkfree()\u0027ed while still being linked, leading to the fireworks Kevin\nand Michal are seeing.\n\nTo fix this race, ensure the dying task group gets unlinked first.\nHowever, simply switching the order of unregistering and unlinking the\ntask group isn\u0027t sufficient, as concurrent RCU walkers might still see\nit, as can be seen below:\n\n CPU1: CPU2:\n : timer IRQ:\n : do_sched_cfs_period_timer():\n : :\n : distribute_cfs_runtime():\n : rcu_read_lock();\n : :\n : unthrottle_cfs_rq():\n sched_offline_group(): :\n : walk_tg_tree_from(\u2026,tg_unthrottle_up,\u2026):\n list_del_rcu(\u0026tg-\u003elist); :\n (1) : list_for_each_entry_rcu(child, \u0026parent-\u003echildren, siblings)\n : :\n (2) list_del_rcu(\u0026tg-\u003esiblings); :\n : tg_unthrottle_up():\n unregister_fair_sched_group(): struct cfs_rq *cfs_rq = tg-\u003ecfs_rq[cpu_of(rq)];\n : :\n list_del_leaf_cfs_rq(tg-\u003ecfs_rq[cpu]); :\n : :\n : if (!cfs_rq_is_decayed(cfs_rq) || cfs_rq-\u003enr_running)\n (3) : list_add_leaf_cfs_rq(cfs_rq);\n : :\n : :\n : :\n : :\n : \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47209",
"url": "https://www.suse.com/security/cve/CVE-2021-47209"
},
{
"category": "external",
"summary": "SUSE Bug 1222796 for CVE-2021-47209",
"url": "https://bugzilla.suse.com/1222796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47209"
},
{
"cve": "CVE-2021-47210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tipd: Remove WARN_ON in tps6598x_block_read\n\nCalling tps6598x_block_read with a higher than allowed len can be\nhandled by just returning an error. There\u0027s no need to crash systems\nwith panic-on-warn enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47210",
"url": "https://www.suse.com/security/cve/CVE-2021-47210"
},
{
"category": "external",
"summary": "SUSE Bug 1222901 for CVE-2021-47210",
"url": "https://bugzilla.suse.com/1222901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47210"
},
{
"cve": "CVE-2021-47211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix null pointer dereference on pointer cs_desc\n\nThe pointer cs_desc return from snd_usb_find_clock_source could\nbe null, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47211",
"url": "https://www.suse.com/security/cve/CVE-2021-47211"
},
{
"category": "external",
"summary": "SUSE Bug 1222869 for CVE-2021-47211",
"url": "https://bugzilla.suse.com/1222869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47211"
},
{
"cve": "CVE-2021-47212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Update error handler for UCTX and UMEM\n\nIn the fast unload flow, the device state is set to internal error,\nwhich indicates that the driver started the destroy process.\nIn this case, when a destroy command is being executed, it should return\nMLX5_CMD_STAT_OK.\nFix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK\ninstead of EIO.\n\nThis fixes a call trace in the umem release process -\n[ 2633.536695] Call Trace:\n[ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]\n[ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core]\n[ 2633.539641] disable_device+0x8c/0x130 [ib_core]\n[ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core]\n[ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core]\n[ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib]\n[ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary]\n[ 2633.544661] device_release_driver_internal+0x103/0x1f0\n[ 2633.545679] bus_remove_device+0xf7/0x170\n[ 2633.546640] device_del+0x181/0x410\n[ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]\n[ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core]\n[ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core]\n[ 2633.550864] remove_one+0x69/0xe0 [mlx5_core]\n[ 2633.551819] pci_device_remove+0x3b/0xc0\n[ 2633.552731] device_release_driver_internal+0x103/0x1f0\n[ 2633.553746] unbind_store+0xf6/0x130\n[ 2633.554657] kernfs_fop_write+0x116/0x190\n[ 2633.555567] vfs_write+0xa5/0x1a0\n[ 2633.556407] ksys_write+0x4f/0xb0\n[ 2633.557233] do_syscall_64+0x5b/0x1a0\n[ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 2633.559018] RIP: 0033:0x7f9977132648\n[ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55\n[ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648\n[ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001\n[ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740\n[ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0\n[ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c\n[ 2633.568725] ---[ end trace 10b4fe52945e544d ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47212",
"url": "https://www.suse.com/security/cve/CVE-2021-47212"
},
{
"category": "external",
"summary": "SUSE Bug 1222709 for CVE-2021-47212",
"url": "https://bugzilla.suse.com/1222709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47212"
},
{
"cve": "CVE-2021-47215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix crash in RX resync flow\n\nFor the TLS RX resync flow, we maintain a list of TLS contexts\nthat require some attention, to communicate their resync information\nto the HW.\nHere we fix list corruptions, by protecting the entries against\nmovements coming from resync_handle_seq_match(), until their resync\nhandling in napi is fully completed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47215",
"url": "https://www.suse.com/security/cve/CVE-2021-47215"
},
{
"category": "external",
"summary": "SUSE Bug 1222704 for CVE-2021-47215",
"url": "https://bugzilla.suse.com/1222704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47215"
},
{
"cve": "CVE-2021-47216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: advansys: Fix kernel pointer leak\n\nPointers should be printed with %p or %px rather than cast to \u0027unsigned\nlong\u0027 and printed with %lx.\n\nChange %lx to %p to print the hashed pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47216",
"url": "https://www.suse.com/security/cve/CVE-2021-47216"
},
{
"category": "external",
"summary": "SUSE Bug 1222876 for CVE-2021-47216",
"url": "https://bugzilla.suse.com/1222876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47216"
},
{
"cve": "CVE-2021-47217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails\n\nCheck for a valid hv_vp_index array prior to derefencing hv_vp_index when\nsetting Hyper-V\u0027s TSC change callback. If Hyper-V setup failed in\nhyperv_init(), the kernel will still report that it\u0027s running under\nHyper-V, but will have silently disabled nearly all functionality.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:set_hv_tscchange_cb+0x15/0xa0\n Code: \u003c8b\u003e 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08\n ...\n Call Trace:\n kvm_arch_init+0x17c/0x280\n kvm_init+0x31/0x330\n vmx_init+0xba/0x13a\n do_one_initcall+0x41/0x1c0\n kernel_init_freeable+0x1f2/0x23b\n kernel_init+0x16/0x120\n ret_from_fork+0x22/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47217",
"url": "https://www.suse.com/security/cve/CVE-2021-47217"
},
{
"category": "external",
"summary": "SUSE Bug 1222836 for CVE-2021-47217",
"url": "https://bugzilla.suse.com/1222836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47217"
},
{
"cve": "CVE-2021-47218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47218"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix NULL-pointer dereference when hashtab allocation fails\n\nWhen the hash table slot array allocation fails in hashtab_init(),\nh-\u003esize is left initialized with a non-zero value, but the h-\u003ehtable\npointer is NULL. This may then cause a NULL pointer dereference, since\nthe policydb code relies on the assumption that even after a failed\nhashtab_init(), hashtab_map() and hashtab_destroy() can be safely called\non it. Yet, these detect an empty hashtab only by looking at the size.\n\nFix this by making sure that hashtab_init() always leaves behind a valid\nempty hashtab when the allocation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47218",
"url": "https://www.suse.com/security/cve/CVE-2021-47218"
},
{
"category": "external",
"summary": "SUSE Bug 1222791 for CVE-2021-47218",
"url": "https://bugzilla.suse.com/1222791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47218"
},
{
"cve": "CVE-2021-47219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47219"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()\n\nThe following issue was observed running syzkaller:\n\nBUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline]\nBUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\nRead of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815\n\nCPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xe4/0x14a lib/dump_stack.c:118\n print_address_description+0x73/0x280 mm/kasan/report.c:253\n kasan_report_error mm/kasan/report.c:352 [inline]\n kasan_report+0x272/0x370 mm/kasan/report.c:410\n memcpy+0x1f/0x50 mm/kasan/kasan.c:302\n memcpy include/linux/string.h:377 [inline]\n sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\n fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021\n resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772\n schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429\n scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835\n scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896\n scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034\n __blk_run_queue_uncond block/blk-core.c:464 [inline]\n __blk_run_queue+0x1a4/0x380 block/blk-core.c:484\n blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78\n sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847\n sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716\n sg_write+0x64/0xa0 drivers/scsi/sg.c:622\n __vfs_write+0xed/0x690 fs/read_write.c:485\nkill_bdev:block_device:00000000e138492c\n vfs_write+0x184/0x4c0 fs/read_write.c:549\n ksys_write+0x107/0x240 fs/read_write.c:599\n do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293\n entry_SYSCALL_64_after_hwframe+0x49/0xbe\n\nWe get \u0027alen\u0027 from command its type is int. If userspace passes a large\nlength we will get a negative \u0027alen\u0027.\n\nSwitch n, alen, and rlen to u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47219",
"url": "https://www.suse.com/security/cve/CVE-2021-47219"
},
{
"category": "external",
"summary": "SUSE Bug 1222824 for CVE-2021-47219",
"url": "https://bugzilla.suse.com/1222824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2021-47219"
},
{
"cve": "CVE-2022-48631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug in extents parsing when eh_entries == 0 and eh_depth \u003e 0\n\nWhen walking through an inode extents, the ext4_ext_binsearch_idx() function\nassumes that the extent header has been previously validated. However, there\nare no checks that verify that the number of entries (eh-\u003eeh_entries) is\nnon-zero when depth is \u003e 0. And this will lead to problems because the\nEXT_FIRST_INDEX() and EXT_LAST_INDEX() will return garbage and result in this:\n\n[ 135.245946] ------------[ cut here ]------------\n[ 135.247579] kernel BUG at fs/ext4/extents.c:2258!\n[ 135.249045] invalid opcode: 0000 [#1] PREEMPT SMP\n[ 135.250320] CPU: 2 PID: 238 Comm: tmp118 Not tainted 5.19.0-rc8+ #4\n[ 135.252067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n[ 135.255065] RIP: 0010:ext4_ext_map_blocks+0xc20/0xcb0\n[ 135.256475] Code:\n[ 135.261433] RSP: 0018:ffffc900005939f8 EFLAGS: 00010246\n[ 135.262847] RAX: 0000000000000024 RBX: ffffc90000593b70 RCX: 0000000000000023\n[ 135.264765] RDX: ffff8880038e5f10 RSI: 0000000000000003 RDI: ffff8880046e922c\n[ 135.266670] RBP: ffff8880046e9348 R08: 0000000000000001 R09: ffff888002ca580c\n[ 135.268576] R10: 0000000000002602 R11: 0000000000000000 R12: 0000000000000024\n[ 135.270477] R13: 0000000000000000 R14: 0000000000000024 R15: 0000000000000000\n[ 135.272394] FS: 00007fdabdc56740(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\n[ 135.274510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 135.276075] CR2: 00007ffc26bd4f00 CR3: 0000000006261004 CR4: 0000000000170ea0\n[ 135.277952] Call Trace:\n[ 135.278635] \u003cTASK\u003e\n[ 135.279247] ? preempt_count_add+0x6d/0xa0\n[ 135.280358] ? percpu_counter_add_batch+0x55/0xb0\n[ 135.281612] ? _raw_read_unlock+0x18/0x30\n[ 135.282704] ext4_map_blocks+0x294/0x5a0\n[ 135.283745] ? xa_load+0x6f/0xa0\n[ 135.284562] ext4_mpage_readpages+0x3d6/0x770\n[ 135.285646] read_pages+0x67/0x1d0\n[ 135.286492] ? folio_add_lru+0x51/0x80\n[ 135.287441] page_cache_ra_unbounded+0x124/0x170\n[ 135.288510] filemap_get_pages+0x23d/0x5a0\n[ 135.289457] ? path_openat+0xa72/0xdd0\n[ 135.290332] filemap_read+0xbf/0x300\n[ 135.291158] ? _raw_spin_lock_irqsave+0x17/0x40\n[ 135.292192] new_sync_read+0x103/0x170\n[ 135.293014] vfs_read+0x15d/0x180\n[ 135.293745] ksys_read+0xa1/0xe0\n[ 135.294461] do_syscall_64+0x3c/0x80\n[ 135.295284] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis patch simply adds an extra check in __ext4_ext_check(), verifying that\neh_entries is not 0 when eh_depth is \u003e 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48631",
"url": "https://www.suse.com/security/cve/CVE-2022-48631"
},
{
"category": "external",
"summary": "SUSE Bug 1223475 for CVE-2022-48631",
"url": "https://bugzilla.suse.com/1223475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48631"
},
{
"cve": "CVE-2022-48637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: prevent skb UAF after handing over to PTP worker\n\nWhen reading the timestamp is required bnxt_tx_int() hands\nover the ownership of the completed skb to the PTP worker.\nThe skb should not be used afterwards, as the worker may\nrun before the rest of our code and free the skb, leading\nto a use-after-free.\n\nSince dev_kfree_skb_any() accepts NULL make the loss of\nownership more obvious and set skb to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48637",
"url": "https://www.suse.com/security/cve/CVE-2022-48637"
},
{
"category": "external",
"summary": "SUSE Bug 1223517 for CVE-2022-48637",
"url": "https://bugzilla.suse.com/1223517"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48637"
},
{
"cve": "CVE-2022-48638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n\ncgroup has to be one kernfs dir, otherwise kernel panic is caused,\nespecially cgroup id is provide from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48638",
"url": "https://www.suse.com/security/cve/CVE-2022-48638"
},
{
"category": "external",
"summary": "SUSE Bug 1223522 for CVE-2022-48638",
"url": "https://bugzilla.suse.com/1223522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48638"
},
{
"cve": "CVE-2022-48647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix TX channel offset when using legacy interrupts\n\nIn legacy interrupt mode the tx_channel_offset was hardcoded to 1, but\nthat\u0027s not correct if efx_sepparate_tx_channels is false. In that case,\nthe offset is 0 because the tx queues are in the single existing channel\nat index 0, together with the rx queue.\n\nWithout this fix, as soon as you try to send any traffic, it tries to\nget the tx queues from an uninitialized channel getting these errors:\n WARNING: CPU: 1 PID: 0 at drivers/net/ethernet/sfc/tx.c:540 efx_hard_start_xmit+0x12e/0x170 [sfc]\n [...]\n RIP: 0010:efx_hard_start_xmit+0x12e/0x170 [sfc]\n [...]\n Call Trace:\n \u003cIRQ\u003e\n dev_hard_start_xmit+0xd7/0x230\n sch_direct_xmit+0x9f/0x360\n __dev_queue_xmit+0x890/0xa40\n [...]\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]\n [...]\n Call Trace:\n \u003cIRQ\u003e\n dev_hard_start_xmit+0xd7/0x230\n sch_direct_xmit+0x9f/0x360\n __dev_queue_xmit+0x890/0xa40\n [...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48647",
"url": "https://www.suse.com/security/cve/CVE-2022-48647"
},
{
"category": "external",
"summary": "SUSE Bug 1223519 for CVE-2022-48647",
"url": "https://bugzilla.suse.com/1223519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48647"
},
{
"cve": "CVE-2022-48648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix null pointer dereference in efx_hard_start_xmit\n\nTrying to get the channel from the tx_queue variable here is wrong\nbecause we can only be here if tx_queue is NULL, so we shouldn\u0027t\ndereference it. As the above comment in the code says, this is very\nunlikely to happen, but it\u0027s wrong anyway so let\u0027s fix it.\n\nI hit this issue because of a different bug that caused tx_queue to be\nNULL. If that happens, this is the error message that we get here:\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48648",
"url": "https://www.suse.com/security/cve/CVE-2022-48648"
},
{
"category": "external",
"summary": "SUSE Bug 1223503 for CVE-2022-48648",
"url": "https://bugzilla.suse.com/1223503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48648"
},
{
"cve": "CVE-2022-48650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()\n\nCommit 8f394da36a36 (\"scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG\")\nmade the __qlt_24xx_handle_abts() function return early if\ntcm_qla2xxx_find_cmd_by_tag() didn\u0027t find a command, but it missed to clean\nup the allocated memory for the management command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48650",
"url": "https://www.suse.com/security/cve/CVE-2022-48650"
},
{
"category": "external",
"summary": "SUSE Bug 1223509 for CVE-2022-48650",
"url": "https://bugzilla.suse.com/1223509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48650"
},
{
"cve": "CVE-2022-48651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48651"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Fix out-of-bound bugs caused by unset skb-\u003emac_header\n\nIf an AF_PACKET socket is used to send packets through ipvlan and the\ndefault xmit function of the AF_PACKET socket is changed from\ndev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option\nname of PACKET_QDISC_BYPASS, the skb-\u003emac_header may not be reset and\nremains as the initial value of 65535, this may trigger slab-out-of-bounds\nbugs as following:\n\n=================================================================\nUG: KASAN: slab-out-of-bounds in ipvlan_xmit_mode_l2+0xdb/0x330 [ipvlan]\nPU: 2 PID: 1768 Comm: raw_send Kdump: loaded Not tainted 6.0.0-rc4+ #6\nardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33\nall Trace:\nprint_address_description.constprop.0+0x1d/0x160\nprint_report.cold+0x4f/0x112\nkasan_report+0xa3/0x130\nipvlan_xmit_mode_l2+0xdb/0x330 [ipvlan]\nipvlan_start_xmit+0x29/0xa0 [ipvlan]\n__dev_direct_xmit+0x2e2/0x380\npacket_direct_xmit+0x22/0x60\npacket_snd+0x7c9/0xc40\nsock_sendmsg+0x9a/0xa0\n__sys_sendto+0x18a/0x230\n__x64_sys_sendto+0x74/0x90\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is:\n 1. packet_snd() only reset skb-\u003emac_header when sock-\u003etype is SOCK_RAW\n and skb-\u003eprotocol is not specified as in packet_parse_headers()\n\n 2. packet_direct_xmit() doesn\u0027t reset skb-\u003emac_header as dev_queue_xmit()\n\nIn this case, skb-\u003emac_header is 65535 when ipvlan_xmit_mode_l2() is\ncalled. So when ipvlan_xmit_mode_l2() gets mac header with eth_hdr() which\nuse \"skb-\u003ehead + skb-\u003emac_header\", out-of-bound access occurs.\n\nThis patch replaces eth_hdr() with skb_eth_hdr() in ipvlan_xmit_mode_l2()\nand reset mac header in multicast to solve this out-of-bound bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48651",
"url": "https://www.suse.com/security/cve/CVE-2022-48651"
},
{
"category": "external",
"summary": "SUSE Bug 1223513 for CVE-2022-48651",
"url": "https://bugzilla.suse.com/1223513"
},
{
"category": "external",
"summary": "SUSE Bug 1223514 for CVE-2022-48651",
"url": "https://bugzilla.suse.com/1223514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2022-48651"
},
{
"cve": "CVE-2022-48653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t double unplug aux on peer initiated reset\n\nIn the IDC callback that is accessed when the aux drivers request a reset,\nthe function to unplug the aux devices is called. This function is also\ncalled in the ice_prepare_for_reset function. This double call is causing\na \"scheduling while atomic\" BUG.\n\n[ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003\n\n[ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][op_code=8] status=-29 waiting=1 completion_err=1 maj=0xffff min=0x8003\n\n[ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003\n\n[ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424\n\n[ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset\n\n[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002\n\n[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002\n[ 662.815477] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intel_rapl_msr intel_rapl_common sunrpc i10nm_edac rdma_ucm nfit ib_srpt libnvdimm ib_isert iscsi_target_mod x86_pkg_temp_thermal intel_powerclamp coretemp target_core_mod snd_hda_intel ib_iser snd_intel_dspcfg libiscsi snd_intel_sdw_acpi scsi_transport_iscsi kvm_intel iTCO_wdt rdma_cm snd_hda_codec kvm iw_cm ipmi_ssif iTCO_vendor_support snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device rapl snd_pcm snd_timer isst_if_mbox_pci pcspkr isst_if_mmio irdma intel_uncore idxd acpi_ipmi joydev isst_if_common snd mei_me idxd_bus ipmi_si soundcore i2c_i801 mei ipmi_devintf i2c_smbus i2c_ismt ipmi_msghandler acpi_power_meter acpi_pad rv(OE) ib_uverbs ib_cm ib_core xfs libcrc32c ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helpe\n r ttm\n[ 662.815546] nvme nvme_core ice drm crc32c_intel i40e t10_pi wmi pinctrl_emmitsburg dm_mirror dm_region_hash dm_log dm_mod fuse\n[ 662.815557] Preemption disabled at:\n[ 662.815558] [\u003c0000000000000000\u003e] 0x0\n[ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2\n[ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021\n[ 662.815568] Call Trace:\n[ 662.815572] \u003cIRQ\u003e\n[ 662.815574] dump_stack_lvl+0x33/0x42\n[ 662.815581] __schedule_bug.cold.147+0x7d/0x8a\n[ 662.815588] __schedule+0x798/0x990\n[ 662.815595] schedule+0x44/0xc0\n[ 662.815597] schedule_preempt_disabled+0x14/0x20\n[ 662.815600] __mutex_lock.isra.11+0x46c/0x490\n[ 662.815603] ? __ibdev_printk+0x76/0xc0 [ib_core]\n[ 662.815633] device_del+0x37/0x3d0\n[ 662.815639] ice_unplug_aux_dev+0x1a/0x40 [ice]\n[ 662.815674] ice_schedule_reset+0x3c/0xd0 [ice]\n[ 662.815693] irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]\n[ 662.815712] ? bitmap_find_next_zero_area_off+0x45/0xa0\n[ 662.815719] ice_send_event_to_aux+0x54/0x70 [ice]\n[ 662.815741] ice_misc_intr+0x21d/0x2d0 [ice]\n[ 662.815756] __handle_irq_event_percpu+0x4c/0x180\n[ 662.815762] handle_irq_event_percpu+0xf/0x40\n[ 662.815764] handle_irq_event+0x34/0x60\n[ 662.815766] handle_edge_irq+0x9a/0x1c0\n[ 662.815770] __common_interrupt+0x62/0x100\n[ 662.815774] common_interrupt+0xb4/0xd0\n[ 662.815779] \u003c/IRQ\u003e\n[ 662.815780] \u003cTASK\u003e\n[ 662.815780] asm_common_interrupt+0x1e/0x40\n[ 662.815785] RIP: 0010:cpuidle_enter_state+0xd6/0x380\n[ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 \u003c0f\u003e 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49\n[ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202\n[ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f\n[ 662.815795] RDX: 0000009a52da2d08 R\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48653",
"url": "https://www.suse.com/security/cve/CVE-2022-48653"
},
{
"category": "external",
"summary": "SUSE Bug 1223474 for CVE-2022-48653",
"url": "https://bugzilla.suse.com/1223474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "low"
}
],
"title": "CVE-2022-48653"
},
{
"cve": "CVE-2022-48654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()\n\nnf_osf_find() incorrectly returns true on mismatch, this leads to\ncopying uninitialized memory area in nft_osf which can be used to leak\nstale kernel stack data to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48654",
"url": "https://www.suse.com/security/cve/CVE-2022-48654"
},
{
"category": "external",
"summary": "SUSE Bug 1223482 for CVE-2022-48654",
"url": "https://bugzilla.suse.com/1223482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "low"
}
],
"title": "CVE-2022-48654"
},
{
"cve": "CVE-2022-48655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48655"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Harden accesses to the reset domains\n\nAccessing reset domains descriptors by the index upon the SCMI drivers\nrequests through the SCMI reset operations interface can potentially\nlead to out-of-bound violations if the SCMI driver misbehave.\n\nAdd an internal consistency check before any such domains descriptors\naccesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48655",
"url": "https://www.suse.com/security/cve/CVE-2022-48655"
},
{
"category": "external",
"summary": "SUSE Bug 1223477 for CVE-2022-48655",
"url": "https://bugzilla.suse.com/1223477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48655"
},
{
"cve": "CVE-2022-48656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()\n\nWe should call of_node_put() for the reference returned by\nof_parse_phandle() in fail path or when it is not used anymore.\nHere we only need to move the of_node_put() before the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48656",
"url": "https://www.suse.com/security/cve/CVE-2022-48656"
},
{
"category": "external",
"summary": "SUSE Bug 1223479 for CVE-2022-48656",
"url": "https://bugzilla.suse.com/1223479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "low"
}
],
"title": "CVE-2022-48656"
},
{
"cve": "CVE-2022-48657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: topology: fix possible overflow in amu_fie_setup()\n\ncpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,\nwhile freq_inv_set_max_ratio() gets passed this frequency in Hz as \u0027u64\u0027.\nMultiplying max frequency by 1000 can potentially result in overflow --\nmultiplying by 1000ULL instead should avoid that...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48657",
"url": "https://www.suse.com/security/cve/CVE-2022-48657"
},
{
"category": "external",
"summary": "SUSE Bug 1223484 for CVE-2022-48657",
"url": "https://bugzilla.suse.com/1223484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "low"
}
],
"title": "CVE-2022-48657"
},
{
"cve": "CVE-2022-48660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Set lineevent_state::irq after IRQ register successfully\n\nWhen running gpio test on nxp-ls1028 platform with below command\ngpiomon --num-events=3 --rising-edge gpiochip1 25\nThere will be a warning trace as below:\nCall trace:\nfree_irq+0x204/0x360\nlineevent_free+0x64/0x70\ngpio_ioctl+0x598/0x6a0\n__arm64_sys_ioctl+0xb4/0x100\ninvoke_syscall+0x5c/0x130\n......\nel0t_64_sync+0x1a0/0x1a4\nThe reason of this issue is that calling request_threaded_irq()\nfunction failed, and then lineevent_free() is invoked to release\nthe resource. Since the lineevent_state::irq was already set, so\nthe subsequent invocation of free_irq() would trigger the above\nwarning call trace. To fix this issue, set the lineevent_state::irq\nafter the IRQ register successfully.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48660",
"url": "https://www.suse.com/security/cve/CVE-2022-48660"
},
{
"category": "external",
"summary": "SUSE Bug 1223487 for CVE-2022-48660",
"url": "https://bugzilla.suse.com/1223487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "low"
}
],
"title": "CVE-2022-48660"
},
{
"cve": "CVE-2022-48662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Really move i915_gem_context.link under ref protection\n\ni915_perf assumes that it can use the i915_gem_context reference to\nprotect its i915-\u003egem.contexts.list iteration. However, this requires\nthat we do not remove the context from the list until after we drop the\nfinal reference and release the struct. If, as currently, we remove the\ncontext from the list during context_close(), the link.next pointer may\nbe poisoned while we are holding the context reference and cause a GPF:\n\n[ 4070.573157] i915 0000:00:02.0: [drm:i915_perf_open_ioctl [i915]] filtering on ctx_id=0x1fffff ctx_id_mask=0x1fffff\n[ 4070.574881] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP\n[ 4070.574897] CPU: 1 PID: 284392 Comm: amd_performance Tainted: G E 5.17.9 #180\n[ 4070.574903] Hardware name: Intel Corporation NUC7i5BNK/NUC7i5BNB, BIOS BNKBL357.86A.0052.2017.0918.1346 09/18/2017\n[ 4070.574907] RIP: 0010:oa_configure_all_contexts.isra.0+0x222/0x350 [i915]\n[ 4070.574982] Code: 08 e8 32 6e 10 e1 4d 8b 6d 50 b8 ff ff ff ff 49 83 ed 50 f0 41 0f c1 04 24 83 f8 01 0f 84 e3 00 00 00 85 c0 0f 8e fa 00 00 00 \u003c49\u003e 8b 45 50 48 8d 70 b0 49 8d 45 50 48 39 44 24 10 0f 85 34 fe ff\n[ 4070.574990] RSP: 0018:ffffc90002077b78 EFLAGS: 00010202\n[ 4070.574995] RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000000\n[ 4070.575000] RDX: 0000000000000001 RSI: ffffc90002077b20 RDI: ffff88810ddc7c68\n[ 4070.575004] RBP: 0000000000000001 R08: ffff888103242648 R09: fffffffffffffffc\n[ 4070.575008] R10: ffffffff82c50bc0 R11: 0000000000025c80 R12: ffff888101bf1860\n[ 4070.575012] R13: dead0000000000b0 R14: ffffc90002077c04 R15: ffff88810be5cabc\n[ 4070.575016] FS: 00007f1ed50c0780(0000) GS:ffff88885ec80000(0000) knlGS:0000000000000000\n[ 4070.575021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4070.575025] CR2: 00007f1ed5590280 CR3: 000000010ef6f005 CR4: 00000000003706e0\n[ 4070.575029] Call Trace:\n[ 4070.575033] \u003cTASK\u003e\n[ 4070.575037] lrc_configure_all_contexts+0x13e/0x150 [i915]\n[ 4070.575103] gen8_enable_metric_set+0x4d/0x90 [i915]\n[ 4070.575164] i915_perf_open_ioctl+0xbc0/0x1500 [i915]\n[ 4070.575224] ? asm_common_interrupt+0x1e/0x40\n[ 4070.575232] ? i915_oa_init_reg_state+0x110/0x110 [i915]\n[ 4070.575290] drm_ioctl_kernel+0x85/0x110\n[ 4070.575296] ? update_load_avg+0x5f/0x5e0\n[ 4070.575302] drm_ioctl+0x1d3/0x370\n[ 4070.575307] ? i915_oa_init_reg_state+0x110/0x110 [i915]\n[ 4070.575382] ? gen8_gt_irq_handler+0x46/0x130 [i915]\n[ 4070.575445] __x64_sys_ioctl+0x3c4/0x8d0\n[ 4070.575451] ? __do_softirq+0xaa/0x1d2\n[ 4070.575456] do_syscall_64+0x35/0x80\n[ 4070.575461] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 4070.575467] RIP: 0033:0x7f1ed5c10397\n[ 4070.575471] Code: 3c 1c e8 1c ff ff ff 85 c0 79 87 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a9 da 0d 00 f7 d8 64 89 01 48\n[ 4070.575478] RSP: 002b:00007ffd65c8d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 4070.575484] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f1ed5c10397\n[ 4070.575488] RDX: 00007ffd65c8d7c0 RSI: 0000000040106476 RDI: 0000000000000006\n[ 4070.575492] RBP: 00005620972f9c60 R08: 000000000000000a R09: 0000000000000005\n[ 4070.575496] R10: 000000000000000d R11: 0000000000000246 R12: 000000000000000a\n[ 4070.575500] R13: 000000000000000d R14: 0000000000000000 R15: 00007ffd65c8d7c0\n[ 4070.575505] \u003c/TASK\u003e\n[ 4070.575507] Modules linked in: nls_ascii(E) nls_cp437(E) vfat(E) fat(E) i915(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) aesni_intel(E) crypto_simd(E) intel_gtt(E) cryptd(E) ttm(E) rapl(E) intel_cstate(E) drm_kms_helper(E) cfbfillrect(E) syscopyarea(E) cfbimgblt(E) intel_uncore(E) sysfillrect(E) mei_me(E) sysimgblt(E) i2c_i801(E) fb_sys_fops(E) mei(E) intel_pch_thermal(E) i2c_smbus\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48662",
"url": "https://www.suse.com/security/cve/CVE-2022-48662"
},
{
"category": "external",
"summary": "SUSE Bug 1223505 for CVE-2022-48662",
"url": "https://bugzilla.suse.com/1223505"
},
{
"category": "external",
"summary": "SUSE Bug 1223521 for CVE-2022-48662",
"url": "https://bugzilla.suse.com/1223521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2022-48662"
},
{
"cve": "CVE-2022-48663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mockup: fix NULL pointer dereference when removing debugfs\n\nWe now remove the device\u0027s debugfs entries when unbinding the driver.\nThis now causes a NULL-pointer dereference on module exit because the\nplatform devices are unregistered *after* the global debugfs directory\nhas been recursively removed. Fix it by unregistering the devices first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48663",
"url": "https://www.suse.com/security/cve/CVE-2022-48663"
},
{
"category": "external",
"summary": "SUSE Bug 1223523 for CVE-2022-48663",
"url": "https://bugzilla.suse.com/1223523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48663"
},
{
"cve": "CVE-2022-48667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in insert range\n\ninsert range doesn\u0027t discard the affected cached region\nso can risk temporarily corrupting file data.\n\nAlso includes some minor cleanup (avoiding rereading\ninode size repeatedly unnecessarily) to make it clearer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48667",
"url": "https://www.suse.com/security/cve/CVE-2022-48667"
},
{
"category": "external",
"summary": "SUSE Bug 1223518 for CVE-2022-48667",
"url": "https://bugzilla.suse.com/1223518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48667"
},
{
"cve": "CVE-2022-48668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in collapse range\n\ncollapse range doesn\u0027t discard the affected cached region\nso can risk temporarily corrupting the file data. This\nfixes xfstest generic/031\n\nI also decided to merge a minor cleanup to this into the same patch\n(avoiding rereading inode size repeatedly unnecessarily) to make it\nclearer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48668",
"url": "https://www.suse.com/security/cve/CVE-2022-48668"
},
{
"category": "external",
"summary": "SUSE Bug 1223516 for CVE-2022-48668",
"url": "https://bugzilla.suse.com/1223516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-48668"
},
{
"cve": "CVE-2023-0160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0160"
}
],
"notes": [
{
"category": "general",
"text": "A deadlock flaw was found in the Linux kernel\u0027s BPF subsystem. This flaw allows a local user to potentially crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0160",
"url": "https://www.suse.com/security/cve/CVE-2023-0160"
},
{
"category": "external",
"summary": "SUSE Bug 1209657 for CVE-2023-0160",
"url": "https://bugzilla.suse.com/1209657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-0160"
},
{
"cve": "CVE-2023-52476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/lbr: Filter vsyscall addresses\n\nWe found that a panic can occur when a vsyscall is made while LBR sampling\nis active. If the vsyscall is interrupted (NMI) for perf sampling, this\ncall sequence can occur (most recent at top):\n\n __insn_get_emulate_prefix()\n insn_get_emulate_prefix()\n insn_get_prefixes()\n insn_get_opcode()\n decode_branch_type()\n get_branch_type()\n intel_pmu_lbr_filter()\n intel_pmu_handle_irq()\n perf_event_nmi_handler()\n\nWithin __insn_get_emulate_prefix() at frame 0, a macro is called:\n\n peek_nbyte_next(insn_byte_t, insn, i)\n\nWithin this macro, this dereference occurs:\n\n (insn)-\u003enext_byte\n\nInspecting registers at this point, the value of the next_byte field is the\naddress of the vsyscall made, for example the location of the vsyscall\nversion of gettimeofday() at 0xffffffffff600000. The access to an address\nin the vsyscall region will trigger an oops due to an unhandled page fault.\n\nTo fix the bug, filtering for vsyscalls can be done when\ndetermining the branch type. This patch will return\na \"none\" branch if a kernel address if found to lie in the\nvsyscall region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52476",
"url": "https://www.suse.com/security/cve/CVE-2023-52476"
},
{
"category": "external",
"summary": "SUSE Bug 1220703 for CVE-2023-52476",
"url": "https://bugzilla.suse.com/1220703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-52476"
},
{
"cve": "CVE-2023-52500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command\n\nTags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed\nwhen we receive the response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52500",
"url": "https://www.suse.com/security/cve/CVE-2023-52500"
},
{
"category": "external",
"summary": "SUSE Bug 1220883 for CVE-2023-52500",
"url": "https://bugzilla.suse.com/1220883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-52500"
},
{
"cve": "CVE-2023-52590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52590"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change ocfs2 rename code to avoid touching renamed directory if\nits parent does not change as without locking that can corrupt the\nfilesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52590",
"url": "https://www.suse.com/security/cve/CVE-2023-52590"
},
{
"category": "external",
"summary": "SUSE Bug 1221088 for CVE-2023-52590",
"url": "https://bugzilla.suse.com/1221088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-52590"
},
{
"cve": "CVE-2023-52591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52591"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52591",
"url": "https://www.suse.com/security/cve/CVE-2023-52591"
},
{
"category": "external",
"summary": "SUSE Bug 1221044 for CVE-2023-52591",
"url": "https://bugzilla.suse.com/1221044"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-52591",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-52591",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2023-52591"
},
{
"cve": "CVE-2023-52607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52607"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52607",
"url": "https://www.suse.com/security/cve/CVE-2023-52607"
},
{
"category": "external",
"summary": "SUSE Bug 1221061 for CVE-2023-52607",
"url": "https://bugzilla.suse.com/1221061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-52607"
},
{
"cve": "CVE-2023-52616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init\n\nWhen the mpi_ec_ctx structure is initialized, some fields are not\ncleared, causing a crash when referencing the field when the\nstructure was released. Initially, this issue was ignored because\nmemory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.\nFor example, this error will be triggered when calculating the\nZa value for SM2 separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52616",
"url": "https://www.suse.com/security/cve/CVE-2023-52616"
},
{
"category": "external",
"summary": "SUSE Bug 1221612 for CVE-2023-52616",
"url": "https://bugzilla.suse.com/1221612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-52616"
},
{
"cve": "CVE-2023-52628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52628"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: exthdr: fix 4-byte stack OOB write\n\nIf priv-\u003elen is a multiple of 4, then dst[len / 4] can write past\nthe destination array which leads to stack corruption.\n\nThis construct is necessary to clean the remainder of the register\nin case -\u003elen is NOT a multiple of the register size, so make it\nconditional just like nft_payload.c does.\n\nThe bug was added in 4.1 cycle and then copied/inherited when\ntcp/sctp and ip option support was added.\n\nBug reported by Zero Day Initiative project (ZDI-CAN-21950,\nZDI-CAN-21951, ZDI-CAN-21961).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52628",
"url": "https://www.suse.com/security/cve/CVE-2023-52628"
},
{
"category": "external",
"summary": "SUSE Bug 1222117 for CVE-2023-52628",
"url": "https://bugzilla.suse.com/1222117"
},
{
"category": "external",
"summary": "SUSE Bug 1222118 for CVE-2023-52628",
"url": "https://bugzilla.suse.com/1222118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2023-52628"
},
{
"cve": "CVE-2023-7042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-7042"
}
],
"notes": [
{
"category": "general",
"text": "A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-7042",
"url": "https://www.suse.com/security/cve/CVE-2023-7042"
},
{
"category": "external",
"summary": "SUSE Bug 1218336 for CVE-2023-7042",
"url": "https://bugzilla.suse.com/1218336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-7042"
},
{
"cve": "CVE-2023-7192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-7192"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-7192",
"url": "https://www.suse.com/security/cve/CVE-2023-7192"
},
{
"category": "external",
"summary": "SUSE Bug 1218479 for CVE-2023-7192",
"url": "https://bugzilla.suse.com/1218479"
},
{
"category": "external",
"summary": "SUSE Bug 1227675 for CVE-2023-7192",
"url": "https://bugzilla.suse.com/1227675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-7192"
},
{
"cve": "CVE-2024-0841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0841"
}
],
"notes": [
{
"category": "general",
"text": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0841",
"url": "https://www.suse.com/security/cve/CVE-2024-0841"
},
{
"category": "external",
"summary": "SUSE Bug 1219264 for CVE-2024-0841",
"url": "https://bugzilla.suse.com/1219264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-0841"
},
{
"cve": "CVE-2024-22099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22099"
}
],
"notes": [
{
"category": "general",
"text": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22099",
"url": "https://www.suse.com/security/cve/CVE-2024-22099"
},
{
"category": "external",
"summary": "SUSE Bug 1219170 for CVE-2024-22099",
"url": "https://bugzilla.suse.com/1219170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-22099"
},
{
"cve": "CVE-2024-23307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23307"
}
],
"notes": [
{
"category": "general",
"text": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23307",
"url": "https://www.suse.com/security/cve/CVE-2024-23307"
},
{
"category": "external",
"summary": "SUSE Bug 1219169 for CVE-2024-23307",
"url": "https://bugzilla.suse.com/1219169"
},
{
"category": "external",
"summary": "SUSE Bug 1220145 for CVE-2024-23307",
"url": "https://bugzilla.suse.com/1220145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2024-23307"
},
{
"cve": "CVE-2024-23848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23848",
"url": "https://www.suse.com/security/cve/CVE-2024-23848"
},
{
"category": "external",
"summary": "SUSE Bug 1219104 for CVE-2024-23848",
"url": "https://bugzilla.suse.com/1219104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-23848"
},
{
"cve": "CVE-2024-23850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23850"
}
],
"notes": [
{
"category": "general",
"text": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23850",
"url": "https://www.suse.com/security/cve/CVE-2024-23850"
},
{
"category": "external",
"summary": "SUSE Bug 1219126 for CVE-2024-23850",
"url": "https://bugzilla.suse.com/1219126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-23850"
},
{
"cve": "CVE-2024-26601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26601",
"url": "https://www.suse.com/security/cve/CVE-2024-26601"
},
{
"category": "external",
"summary": "SUSE Bug 1220342 for CVE-2024-26601",
"url": "https://bugzilla.suse.com/1220342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26601"
},
{
"cve": "CVE-2024-26610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26610"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we\u0027ll write past the buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26610",
"url": "https://www.suse.com/security/cve/CVE-2024-26610"
},
{
"category": "external",
"summary": "SUSE Bug 1221299 for CVE-2024-26610",
"url": "https://bugzilla.suse.com/1221299"
},
{
"category": "external",
"summary": "SUSE Bug 1221302 for CVE-2024-26610",
"url": "https://bugzilla.suse.com/1221302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2024-26610"
},
{
"cve": "CVE-2024-26614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26614"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: make sure init the accept_queue\u0027s spinlocks once\n\nWhen I run syz\u0027s reproduction C program locally, it causes the following\nissue:\npvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!\nWARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nRIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nCode: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7\n30 20 ce 8f e8 ad 56 42 ff \u003c0f\u003e 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900\nRBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff\nR10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000\nR13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000\nFS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0\nCall Trace:\n\u003cIRQ\u003e\n _raw_spin_unlock (kernel/locking/spinlock.c:186)\n inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)\n inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)\n tcp_check_req (net/ipv4/tcp_minisocks.c:868)\n tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)\n ip_local_deliver_finish (net/ipv4/ip_input.c:234)\n __netif_receive_skb_one_core (net/core/dev.c:5529)\n process_backlog (./include/linux/rcupdate.h:779)\n __napi_poll (net/core/dev.c:6533)\n net_rx_action (net/core/dev.c:6604)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n\u003c/IRQ\u003e\n\u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4374)\n ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)\n __ip_queue_xmit (net/ipv4/ip_output.c:535)\n __tcp_transmit_skb (net/ipv4/tcp_output.c:1462)\n tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)\n tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)\n __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)\n release_sock (net/core/sock.c:3536)\n inet_wait_for_connect (net/ipv4/af_inet.c:609)\n __inet_stream_connect (net/ipv4/af_inet.c:702)\n inet_stream_connect (net/ipv4/af_inet.c:748)\n __sys_connect (./include/linux/file.h:45 net/socket.c:2064)\n __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n RIP: 0033:0x7fa10ff05a3d\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89\n c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48\n RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a\n RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d\n RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\n RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640\n R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20\n\u003c/TASK\u003e\n\nThe issue triggering process is analyzed as follows:\nThread A Thread B\ntcp_v4_rcv\t//receive ack TCP packet inet_shutdown\n tcp_check_req tcp_disconnect //disconnect sock\n ... tcp_set_state(sk, TCP_CLOSE)\n inet_csk_complete_hashdance ...\n inet_csk_reqsk_queue_add \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26614",
"url": "https://www.suse.com/security/cve/CVE-2024-26614"
},
{
"category": "external",
"summary": "SUSE Bug 1221293 for CVE-2024-26614",
"url": "https://bugzilla.suse.com/1221293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26614"
},
{
"cve": "CVE-2024-26642",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26642"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26642",
"url": "https://www.suse.com/security/cve/CVE-2024-26642"
},
{
"category": "external",
"summary": "SUSE Bug 1221830 for CVE-2024-26642",
"url": "https://bugzilla.suse.com/1221830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26642"
},
{
"cve": "CVE-2024-26687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: close evtchn after mapping cleanup\n\nshutdown_pirq and startup_pirq are not taking the\nirq_mapping_update_lock because they can\u0027t due to lock inversion. Both\nare called with the irq_desc-\u003elock being taking. The lock order,\nhowever, is first irq_mapping_update_lock and then irq_desc-\u003elock.\n\nThis opens multiple races:\n- shutdown_pirq can be interrupted by a function that allocates an event\n channel:\n\n CPU0 CPU1\n shutdown_pirq {\n xen_evtchn_close(e)\n __startup_pirq {\n EVTCHNOP_bind_pirq\n -\u003e returns just freed evtchn e\n set_evtchn_to_irq(e, irq)\n }\n xen_irq_info_cleanup() {\n set_evtchn_to_irq(e, -1)\n }\n }\n\n Assume here event channel e refers here to the same event channel\n number.\n After this race the evtchn_to_irq mapping for e is invalid (-1).\n\n- __startup_pirq races with __unbind_from_irq in a similar way. Because\n __startup_pirq doesn\u0027t take irq_mapping_update_lock it can grab the\n evtchn that __unbind_from_irq is currently freeing and cleaning up. In\n this case even though the event channel is allocated, its mapping can\n be unset in evtchn_to_irq.\n\nThe fix is to first cleanup the mappings and then close the event\nchannel. In this way, when an event channel gets allocated it\u0027s\npotential previous evtchn_to_irq mappings are guaranteed to be unset already.\nThis is also the reverse order of the allocation where first the event\nchannel is allocated and then the mappings are setup.\n\nOn a 5.10 kernel prior to commit 3fcdaf3d7634 (\"xen/events: modify internal\n[un]bind interfaces\"), we hit a BUG like the following during probing of NVMe\ndevices. The issue is that during nvme_setup_io_queues, pci_free_irq\nis called for every device which results in a call to shutdown_pirq.\nWith many nvme devices it\u0027s therefore likely to hit this race during\nboot because there will be multiple calls to shutdown_pirq and\nstartup_pirq are running potentially in parallel.\n\n ------------[ cut here ]------------\n blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled\n kernel BUG at drivers/xen/events/events_base.c:499!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1\n Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006\n Workqueue: nvme-reset-wq nvme_reset_work\n RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0\n Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff \u003c0f\u003e 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00\n RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006\n RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff\n RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? set_affinity_irq+0xdc/0x1c0\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0x90/0x110\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? do_error_trap+0x65/0x80\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? exc_invalid_op+0x4e/0x70\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? asm_exc_invalid_op+0x12/0x20\n ? bind_evtchn_to_cpu+0xdf/0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26687",
"url": "https://www.suse.com/security/cve/CVE-2024-26687"
},
{
"category": "external",
"summary": "SUSE Bug 1222435 for CVE-2024-26687",
"url": "https://bugzilla.suse.com/1222435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26687"
},
{
"cve": "CVE-2024-26688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super\n\nWhen configuring a hugetlb filesystem via the fsconfig() syscall, there is\na possible NULL dereference in hugetlbfs_fill_super() caused by assigning\nNULL to ctx-\u003ehstate in hugetlbfs_parse_param() when the requested pagesize\nis non valid.\n\nE.g: Taking the following steps:\n\n fd = fsopen(\"hugetlbfs\", FSOPEN_CLOEXEC);\n fsconfig(fd, FSCONFIG_SET_STRING, \"pagesize\", \"1024\", 0);\n fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);\n\nGiven that the requested \"pagesize\" is invalid, ctxt-\u003ehstate will be replaced\nwith NULL, losing its previous value, and we will print an error:\n\n ...\n ...\n case Opt_pagesize:\n ps = memparse(param-\u003estring, \u0026rest);\n ctx-\u003ehstate = h;\n if (!ctx-\u003ehstate) {\n pr_err(\"Unsupported page size %lu MB\\n\", ps / SZ_1M);\n return -EINVAL;\n }\n return 0;\n ...\n ...\n\nThis is a problem because later on, we will dereference ctxt-\u003ehstate in\nhugetlbfs_fill_super()\n\n ...\n ...\n sb-\u003es_blocksize = huge_page_size(ctx-\u003ehstate);\n ...\n ...\n\nCausing below Oops.\n\nFix this by replacing cxt-\u003ehstate value only when then pagesize is known\nto be valid.\n\n kernel: hugetlbfs: Unsupported page size 0 MB\n kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028\n kernel: #PF: supervisor read access in kernel mode\n kernel: #PF: error_code(0x0000) - not-present page\n kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0\n kernel: Oops: 0000 [#1] PREEMPT SMP PTI\n kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f\n kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017\n kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0\n kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 \u003c8b\u003e 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28\n kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246\n kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004\n kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000\n kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004\n kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000\n kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400\n kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: ? __die_body+0x1a/0x60\n kernel: ? page_fault_oops+0x16f/0x4a0\n kernel: ? search_bpf_extables+0x65/0x70\n kernel: ? fixup_exception+0x22/0x310\n kernel: ? exc_page_fault+0x69/0x150\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: ? hugetlbfs_fill_super+0xb4/0x1a0\n kernel: ? hugetlbfs_fill_super+0x28/0x1a0\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: vfs_get_super+0x40/0xa0\n kernel: ? __pfx_bpf_lsm_capable+0x10/0x10\n kernel: vfs_get_tree+0x25/0xd0\n kernel: vfs_cmd_create+0x64/0xe0\n kernel: __x64_sys_fsconfig+0x395/0x410\n kernel: do_syscall_64+0x80/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? exc_page_fault+0x69/0x150\n kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76\n kernel: RIP: 0033:0x7ffbc0cb87c9\n kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48\n kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af\n kernel: RAX: fffffffffff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26688",
"url": "https://www.suse.com/security/cve/CVE-2024-26688"
},
{
"category": "external",
"summary": "SUSE Bug 1222482 for CVE-2024-26688",
"url": "https://bugzilla.suse.com/1222482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26688"
},
{
"cve": "CVE-2024-26689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: prevent use-after-free in encode_cap_msg()\n\nIn fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was\ncaught by KASAN at this line - \u0027ceph_buffer_get(arg-\u003exattr_buf);\u0027. This\nimplies before the refcount could be increment here, it was freed.\n\nIn same file, in \"handle_cap_grant()\" refcount is decremented by this\nline - \u0027ceph_buffer_put(ci-\u003ei_xattrs.blob);\u0027. It appears that a race\noccurred and resource was freed by the latter line before the former\nline could increment it.\n\nencode_cap_msg() is called by __send_cap() and __send_cap() is called by\nceph_check_caps() after calling __prep_cap(). __prep_cap() is where\narg-\u003exattr_buf is assigned to ci-\u003ei_xattrs.blob. This is the spot where\nthe refcount must be increased to prevent \"use after free\" error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26689",
"url": "https://www.suse.com/security/cve/CVE-2024-26689"
},
{
"category": "external",
"summary": "SUSE Bug 1222503 for CVE-2024-26689",
"url": "https://bugzilla.suse.com/1222503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26689"
},
{
"cve": "CVE-2024-26704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double-free of blocks due to wrong extents moved_len\n\nIn ext4_move_extents(), moved_len is only updated when all moves are\nsuccessfully executed, and only discards orig_inode and donor_inode\npreallocations when moved_len is not zero. When the loop fails to exit\nafter successfully moving some extents, moved_len is not updated and\nremains at 0, so it does not discard the preallocations.\n\nIf the moved extents overlap with the preallocated extents, the\noverlapped extents are freed twice in ext4_mb_release_inode_pa() and\next4_process_freed_data() (as described in commit 94d7c16cbbbd (\"ext4:\nFix double-free of blocks with EXT4_IOC_MOVE_EXT\")), and bb_free is\nincremented twice. Hence when trim is executed, a zero-division bug is\ntriggered in mb_update_avg_fragment_size() because bb_free is not zero\nand bb_fragments is zero.\n\nTherefore, update move_len after each extent move to avoid the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26704",
"url": "https://www.suse.com/security/cve/CVE-2024-26704"
},
{
"category": "external",
"summary": "SUSE Bug 1222422 for CVE-2024-26704",
"url": "https://bugzilla.suse.com/1222422"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26704"
},
{
"cve": "CVE-2024-26727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() if the newly created subvolume already got read\n\n[BUG]\nThere is a syzbot crash, triggered by the ASSERT() during subvolume\ncreation:\n\n assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/disk-io.c:1319!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60\n \u003cTASK\u003e\n btrfs_get_new_fs_root+0xd3/0xf0\n create_subvol+0xd02/0x1650\n btrfs_mksubvol+0xe95/0x12b0\n __btrfs_ioctl_snap_create+0x2f9/0x4f0\n btrfs_ioctl_snap_create+0x16b/0x200\n btrfs_ioctl+0x35f0/0x5cf0\n __x64_sys_ioctl+0x19d/0x210\n do_syscall_64+0x3f/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nDuring create_subvol(), after inserting root item for the newly created\nsubvolume, we would trigger btrfs_get_new_fs_root() to get the\nbtrfs_root of that subvolume.\n\nThe idea here is, we have preallocated an anonymous device number for\nthe subvolume, thus we can assign it to the new subvolume.\n\nBut there is really nothing preventing things like backref walk to read\nthe new subvolume.\nIf that happens before we call btrfs_get_new_fs_root(), the subvolume\nwould be read out, with a new anonymous device number assigned already.\n\nIn that case, we would trigger ASSERT(), as we really expect no one to\nread out that subvolume (which is not yet accessible from the fs).\nBut things like backref walk is still possible to trigger the read on\nthe subvolume.\n\nThus our assumption on the ASSERT() is not correct in the first place.\n\n[FIX]\nFix it by removing the ASSERT(), and just free the @anon_dev, reset it\nto 0, and continue.\n\nIf the subvolume tree is read out by something else, it should have\nalready get a new anon_dev assigned thus we only need to free the\npreallocated one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26727",
"url": "https://www.suse.com/security/cve/CVE-2024-26727"
},
{
"category": "external",
"summary": "SUSE Bug 1222536 for CVE-2024-26727",
"url": "https://bugzilla.suse.com/1222536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26727"
},
{
"cve": "CVE-2024-26733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26733",
"url": "https://www.suse.com/security/cve/CVE-2024-26733"
},
{
"category": "external",
"summary": "SUSE Bug 1222585 for CVE-2024-26733",
"url": "https://bugzilla.suse.com/1222585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26733"
},
{
"cve": "CVE-2024-26739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don\u0027t override retval if we already lost the skb\n\nIf we\u0027re redirecting the skb, and haven\u0027t called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26739",
"url": "https://www.suse.com/security/cve/CVE-2024-26739"
},
{
"category": "external",
"summary": "SUSE Bug 1222559 for CVE-2024-26739",
"url": "https://bugzilla.suse.com/1222559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26739"
},
{
"cve": "CVE-2024-26764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\n\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\n\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\n\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26764",
"url": "https://www.suse.com/security/cve/CVE-2024-26764"
},
{
"category": "external",
"summary": "SUSE Bug 1222721 for CVE-2024-26764",
"url": "https://bugzilla.suse.com/1222721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26764"
},
{
"cve": "CVE-2024-26766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] \u003cTASK\u003e\n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, \u003c\u003c\u003c invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26766",
"url": "https://www.suse.com/security/cve/CVE-2024-26766"
},
{
"category": "external",
"summary": "SUSE Bug 1222726 for CVE-2024-26766",
"url": "https://bugzilla.suse.com/1222726"
},
{
"category": "external",
"summary": "SUSE Bug 1222882 for CVE-2024-26766",
"url": "https://bugzilla.suse.com/1222882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2024-26766"
},
{
"cve": "CVE-2024-26773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn\u0027t use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac-\u003eac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26773",
"url": "https://www.suse.com/security/cve/CVE-2024-26773"
},
{
"category": "external",
"summary": "SUSE Bug 1222618 for CVE-2024-26773",
"url": "https://bugzilla.suse.com/1222618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26773"
},
{
"cve": "CVE-2024-26792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double free of anonymous device after snapshot creation failure\n\nWhen creating a snapshot we may do a double free of an anonymous device\nin case there\u0027s an error committing the transaction. The second free may\nresult in freeing an anonymous device number that was allocated by some\nother subsystem in the kernel or another btrfs filesystem.\n\nThe steps that lead to this:\n\n1) At ioctl.c:create_snapshot() we allocate an anonymous device number\n and assign it to pending_snapshot-\u003eanon_dev;\n\n2) Then we call btrfs_commit_transaction() and end up at\n transaction.c:create_pending_snapshot();\n\n3) There we call btrfs_get_new_fs_root() and pass it the anonymous device\n number stored in pending_snapshot-\u003eanon_dev;\n\n4) btrfs_get_new_fs_root() frees that anonymous device number because\n btrfs_lookup_fs_root() returned a root - someone else did a lookup\n of the new root already, which could some task doing backref walking;\n\n5) After that some error happens in the transaction commit path, and at\n ioctl.c:create_snapshot() we jump to the \u0027fail\u0027 label, and after\n that we free again the same anonymous device number, which in the\n meanwhile may have been reallocated somewhere else, because\n pending_snapshot-\u003eanon_dev still has the same value as in step 1.\n\nRecently syzbot ran into this and reported the following trace:\n\n ------------[ cut here ]------------\n ida_free called for id=51 which is not allocated.\n WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525\n Modules linked in:\n CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\n RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525\n Code: 10 42 80 3c 28 (...)\n RSP: 0018:ffffc90015a67300 EFLAGS: 00010246\n RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000\n RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000\n RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4\n R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246\n R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246\n FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0\n Call Trace:\n \u003cTASK\u003e\n btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346\n create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837\n create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931\n btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404\n create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848\n btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998\n btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044\n __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306\n btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393\n btrfs_ioctl+0xa74/0xd40\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:871 [inline]\n __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7fca3e67dda9\n Code: 28 00 00 00 (...)\n RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9\n RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658\n \u003c/TASK\u003e\n\nWhere we get an explicit message where we attempt to free an anonymous\ndevice number that is not currently allocated. It happens in a different\ncode path from the example below, at btrfs_get_root_ref(), so this change\nmay not fix the case triggered by sy\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26792",
"url": "https://www.suse.com/security/cve/CVE-2024-26792"
},
{
"category": "external",
"summary": "SUSE Bug 1222430 for CVE-2024-26792",
"url": "https://bugzilla.suse.com/1222430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26792"
},
{
"cve": "CVE-2024-26816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26816",
"url": "https://www.suse.com/security/cve/CVE-2024-26816"
},
{
"category": "external",
"summary": "SUSE Bug 1222624 for CVE-2024-26816",
"url": "https://bugzilla.suse.com/1222624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26816"
},
{
"cve": "CVE-2024-26898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26898"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n `struct net_device`, and a use-after-free can be triggered by racing\n between the free on the struct and the access through the `skbtxq`\n global queue. This could lead to a denial of service condition or\n potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()-\u003edev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26898",
"url": "https://www.suse.com/security/cve/CVE-2024-26898"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2024-26898",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1223016 for CVE-2024-26898",
"url": "https://bugzilla.suse.com/1223016"
},
{
"category": "external",
"summary": "SUSE Bug 1223017 for CVE-2024-26898",
"url": "https://bugzilla.suse.com/1223017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2024-26898"
},
{
"cve": "CVE-2024-26903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\n\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\n\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\n\n2. In our fuzz test case, the timing of the controller\u0027s response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\n\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)-\u003echan-\u003econn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn-\u003ehcon, d-\u003esec_level, auth_type, d-\u003eout);`,\nspecifically when accessing `conn-\u003ehcon`, a null-ptr-deref error occurred.\n\nTo fix this bug, check if `sk-\u003esk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26903",
"url": "https://www.suse.com/security/cve/CVE-2024-26903"
},
{
"category": "external",
"summary": "SUSE Bug 1223187 for CVE-2024-26903",
"url": "https://bugzilla.suse.com/1223187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-26903"
},
{
"cve": "CVE-2024-27043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: edia: dvbdev: fix a use-after-free\n\nIn dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed\nin several error-handling paths. However, *pdvbdev is not set to NULL\nafter dvbdev\u0027s deallocation, causing use-after-frees in many places,\nfor example, in the following call chain:\n\nbudget_register\n |-\u003e dvb_dmxdev_init\n |-\u003e dvb_register_device\n |-\u003e dvb_dmxdev_release\n |-\u003e dvb_unregister_device\n |-\u003e dvb_remove_device\n |-\u003e dvb_device_put\n |-\u003e kref_put\n\nWhen calling dvb_unregister_device, dmxdev-\u003edvbdev (i.e. *pdvbdev in\ndvb_register_device) could point to memory that had been freed in\ndvb_register_device. Thereafter, this pointer is transferred to\nkref_put and triggering a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27043",
"url": "https://www.suse.com/security/cve/CVE-2024-27043"
},
{
"category": "external",
"summary": "SUSE Bug 1218562 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1218562"
},
{
"category": "external",
"summary": "SUSE Bug 1223824 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223824"
},
{
"category": "external",
"summary": "SUSE Bug 1223825 for CVE-2024-27043",
"url": "https://bugzilla.suse.com/1223825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "important"
}
],
"title": "CVE-2024-27043"
},
{
"cve": "CVE-2024-27389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: inode: Only d_invalidate() is needed\n\nUnloading a modular pstore backend with records in pstorefs would\ntrigger the dput() double-drop warning:\n\n WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410\n\nUsing the combo of d_drop()/dput() (as mentioned in\nDocumentation/filesystems/vfs.rst) isn\u0027t the right approach here, and\nleads to the reference counting problem seen above. Use d_invalidate()\nand update the code to not bother checking for error codes that can\nnever happen.\n\n---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27389",
"url": "https://www.suse.com/security/cve/CVE-2024-27389"
},
{
"category": "external",
"summary": "SUSE Bug 1223705 for CVE-2024-27389",
"url": "https://bugzilla.suse.com/1223705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.79.1.noarch",
"openSUSE Leap Micro 5.3:kernel-rt-5.14.21-150400.15.79.1.x86_64",
"openSUSE Leap Micro 5.4:kernel-rt-5.14.21-150400.15.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-14T14:30:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-27389"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…