suse-su-2024:2902-1
Vulnerability from csaf_suse
Published
2024-08-14 07:25
Modified
2024-08-14 07:25
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
Patchnames
SUSE-2024-2902,SUSE-SLE-Micro-5.3-2024-2902,SUSE-SLE-Micro-5.4-2024-2902
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-39494: ima: Fix use-after-free on a dentry\u0027s dname.name (bsc#1227716).\n- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).\n- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)\n- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).\n- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).\n- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).\n- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).\n- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).\n- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).\n- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).\n- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).\n- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).\n- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).\n- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).\n- CVE-2024-40937: gve: Clear napi-\u003eskb before dev_kfree_skb_any() (bsc#1227836).\n- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).\n- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).\n- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).\n- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).\n\nThe following non-security bugs were fixed:\n\n- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).\n- NFS: Reduce use of uncached readdir (bsc#1226662).\n- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).\n- X.509: Fix the parser of extended key usage for length (bsc#1218820).\n- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).\n- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).\n- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).\n- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).\n- kernel-binary: vdso: Own module_dir\n- net/dcb: check for detached device before executing callbacks (bsc#1215587).\n- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).\n- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).\n- powerpc/rtas: clean up includes (bsc#1227487).\n- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).\n- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2902,SUSE-SLE-Micro-5.3-2024-2902,SUSE-SLE-Micro-5.4-2024-2902",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2902-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2902-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2902-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-August/036443.html"
},
{
"category": "self",
"summary": "SUSE Bug 1156395",
"url": "https://bugzilla.suse.com/1156395"
},
{
"category": "self",
"summary": "SUSE Bug 1190336",
"url": "https://bugzilla.suse.com/1190336"
},
{
"category": "self",
"summary": "SUSE Bug 1191958",
"url": "https://bugzilla.suse.com/1191958"
},
{
"category": "self",
"summary": "SUSE Bug 1193454",
"url": "https://bugzilla.suse.com/1193454"
},
{
"category": "self",
"summary": "SUSE Bug 1193554",
"url": "https://bugzilla.suse.com/1193554"
},
{
"category": "self",
"summary": "SUSE Bug 1193787",
"url": "https://bugzilla.suse.com/1193787"
},
{
"category": "self",
"summary": "SUSE Bug 1193883",
"url": "https://bugzilla.suse.com/1193883"
},
{
"category": "self",
"summary": "SUSE Bug 1194324",
"url": "https://bugzilla.suse.com/1194324"
},
{
"category": "self",
"summary": "SUSE Bug 1194826",
"url": "https://bugzilla.suse.com/1194826"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1195065",
"url": "https://bugzilla.suse.com/1195065"
},
{
"category": "self",
"summary": "SUSE Bug 1195254",
"url": "https://bugzilla.suse.com/1195254"
},
{
"category": "self",
"summary": "SUSE Bug 1195341",
"url": "https://bugzilla.suse.com/1195341"
},
{
"category": "self",
"summary": "SUSE Bug 1195349",
"url": "https://bugzilla.suse.com/1195349"
},
{
"category": "self",
"summary": "SUSE Bug 1195357",
"url": "https://bugzilla.suse.com/1195357"
},
{
"category": "self",
"summary": "SUSE Bug 1195668",
"url": "https://bugzilla.suse.com/1195668"
},
{
"category": "self",
"summary": "SUSE Bug 1195927",
"url": "https://bugzilla.suse.com/1195927"
},
{
"category": "self",
"summary": "SUSE Bug 1195957",
"url": "https://bugzilla.suse.com/1195957"
},
{
"category": "self",
"summary": "SUSE Bug 1196018",
"url": "https://bugzilla.suse.com/1196018"
},
{
"category": "self",
"summary": "SUSE Bug 1196746",
"url": "https://bugzilla.suse.com/1196746"
},
{
"category": "self",
"summary": "SUSE Bug 1196823",
"url": "https://bugzilla.suse.com/1196823"
},
{
"category": "self",
"summary": "SUSE Bug 1197146",
"url": "https://bugzilla.suse.com/1197146"
},
{
"category": "self",
"summary": "SUSE Bug 1197246",
"url": "https://bugzilla.suse.com/1197246"
},
{
"category": "self",
"summary": "SUSE Bug 1197762",
"url": "https://bugzilla.suse.com/1197762"
},
{
"category": "self",
"summary": "SUSE Bug 1197915",
"url": "https://bugzilla.suse.com/1197915"
},
{
"category": "self",
"summary": "SUSE Bug 1198014",
"url": "https://bugzilla.suse.com/1198014"
},
{
"category": "self",
"summary": "SUSE Bug 1199295",
"url": "https://bugzilla.suse.com/1199295"
},
{
"category": "self",
"summary": "SUSE Bug 1202346",
"url": "https://bugzilla.suse.com/1202346"
},
{
"category": "self",
"summary": "SUSE Bug 1202686",
"url": "https://bugzilla.suse.com/1202686"
},
{
"category": "self",
"summary": "SUSE Bug 1202767",
"url": "https://bugzilla.suse.com/1202767"
},
{
"category": "self",
"summary": "SUSE Bug 1202780",
"url": "https://bugzilla.suse.com/1202780"
},
{
"category": "self",
"summary": "SUSE Bug 1209636",
"url": "https://bugzilla.suse.com/1209636"
},
{
"category": "self",
"summary": "SUSE Bug 1213123",
"url": "https://bugzilla.suse.com/1213123"
},
{
"category": "self",
"summary": "SUSE Bug 1215587",
"url": "https://bugzilla.suse.com/1215587"
},
{
"category": "self",
"summary": "SUSE Bug 1216834",
"url": "https://bugzilla.suse.com/1216834"
},
{
"category": "self",
"summary": "SUSE Bug 1218820",
"url": "https://bugzilla.suse.com/1218820"
},
{
"category": "self",
"summary": "SUSE Bug 1220185",
"url": "https://bugzilla.suse.com/1220185"
},
{
"category": "self",
"summary": "SUSE Bug 1220186",
"url": "https://bugzilla.suse.com/1220186"
},
{
"category": "self",
"summary": "SUSE Bug 1222728",
"url": "https://bugzilla.suse.com/1222728"
},
{
"category": "self",
"summary": "SUSE Bug 1222809",
"url": "https://bugzilla.suse.com/1222809"
},
{
"category": "self",
"summary": "SUSE Bug 1222810",
"url": "https://bugzilla.suse.com/1222810"
},
{
"category": "self",
"summary": "SUSE Bug 1223635",
"url": "https://bugzilla.suse.com/1223635"
},
{
"category": "self",
"summary": "SUSE Bug 1223863",
"url": "https://bugzilla.suse.com/1223863"
},
{
"category": "self",
"summary": "SUSE Bug 1224495",
"url": "https://bugzilla.suse.com/1224495"
},
{
"category": "self",
"summary": "SUSE Bug 1224671",
"url": "https://bugzilla.suse.com/1224671"
},
{
"category": "self",
"summary": "SUSE Bug 1225573",
"url": "https://bugzilla.suse.com/1225573"
},
{
"category": "self",
"summary": "SUSE Bug 1226168",
"url": "https://bugzilla.suse.com/1226168"
},
{
"category": "self",
"summary": "SUSE Bug 1226226",
"url": "https://bugzilla.suse.com/1226226"
},
{
"category": "self",
"summary": "SUSE Bug 1226519",
"url": "https://bugzilla.suse.com/1226519"
},
{
"category": "self",
"summary": "SUSE Bug 1226537",
"url": "https://bugzilla.suse.com/1226537"
},
{
"category": "self",
"summary": "SUSE Bug 1226539",
"url": "https://bugzilla.suse.com/1226539"
},
{
"category": "self",
"summary": "SUSE Bug 1226550",
"url": "https://bugzilla.suse.com/1226550"
},
{
"category": "self",
"summary": "SUSE Bug 1226553",
"url": "https://bugzilla.suse.com/1226553"
},
{
"category": "self",
"summary": "SUSE Bug 1226554",
"url": "https://bugzilla.suse.com/1226554"
},
{
"category": "self",
"summary": "SUSE Bug 1226556",
"url": "https://bugzilla.suse.com/1226556"
},
{
"category": "self",
"summary": "SUSE Bug 1226557",
"url": "https://bugzilla.suse.com/1226557"
},
{
"category": "self",
"summary": "SUSE Bug 1226558",
"url": "https://bugzilla.suse.com/1226558"
},
{
"category": "self",
"summary": "SUSE Bug 1226559",
"url": "https://bugzilla.suse.com/1226559"
},
{
"category": "self",
"summary": "SUSE Bug 1226561",
"url": "https://bugzilla.suse.com/1226561"
},
{
"category": "self",
"summary": "SUSE Bug 1226562",
"url": "https://bugzilla.suse.com/1226562"
},
{
"category": "self",
"summary": "SUSE Bug 1226563",
"url": "https://bugzilla.suse.com/1226563"
},
{
"category": "self",
"summary": "SUSE Bug 1226564",
"url": "https://bugzilla.suse.com/1226564"
},
{
"category": "self",
"summary": "SUSE Bug 1226567",
"url": "https://bugzilla.suse.com/1226567"
},
{
"category": "self",
"summary": "SUSE Bug 1226569",
"url": "https://bugzilla.suse.com/1226569"
},
{
"category": "self",
"summary": "SUSE Bug 1226572",
"url": "https://bugzilla.suse.com/1226572"
},
{
"category": "self",
"summary": "SUSE Bug 1226574",
"url": "https://bugzilla.suse.com/1226574"
},
{
"category": "self",
"summary": "SUSE Bug 1226575",
"url": "https://bugzilla.suse.com/1226575"
},
{
"category": "self",
"summary": "SUSE Bug 1226576",
"url": "https://bugzilla.suse.com/1226576"
},
{
"category": "self",
"summary": "SUSE Bug 1226577",
"url": "https://bugzilla.suse.com/1226577"
},
{
"category": "self",
"summary": "SUSE Bug 1226580",
"url": "https://bugzilla.suse.com/1226580"
},
{
"category": "self",
"summary": "SUSE Bug 1226583",
"url": "https://bugzilla.suse.com/1226583"
},
{
"category": "self",
"summary": "SUSE Bug 1226585",
"url": "https://bugzilla.suse.com/1226585"
},
{
"category": "self",
"summary": "SUSE Bug 1226587",
"url": "https://bugzilla.suse.com/1226587"
},
{
"category": "self",
"summary": "SUSE Bug 1226601",
"url": "https://bugzilla.suse.com/1226601"
},
{
"category": "self",
"summary": "SUSE Bug 1226602",
"url": "https://bugzilla.suse.com/1226602"
},
{
"category": "self",
"summary": "SUSE Bug 1226603",
"url": "https://bugzilla.suse.com/1226603"
},
{
"category": "self",
"summary": "SUSE Bug 1226607",
"url": "https://bugzilla.suse.com/1226607"
},
{
"category": "self",
"summary": "SUSE Bug 1226614",
"url": "https://bugzilla.suse.com/1226614"
},
{
"category": "self",
"summary": "SUSE Bug 1226617",
"url": "https://bugzilla.suse.com/1226617"
},
{
"category": "self",
"summary": "SUSE Bug 1226618",
"url": "https://bugzilla.suse.com/1226618"
},
{
"category": "self",
"summary": "SUSE Bug 1226619",
"url": "https://bugzilla.suse.com/1226619"
},
{
"category": "self",
"summary": "SUSE Bug 1226621",
"url": "https://bugzilla.suse.com/1226621"
},
{
"category": "self",
"summary": "SUSE Bug 1226624",
"url": "https://bugzilla.suse.com/1226624"
},
{
"category": "self",
"summary": "SUSE Bug 1226626",
"url": "https://bugzilla.suse.com/1226626"
},
{
"category": "self",
"summary": "SUSE Bug 1226628",
"url": "https://bugzilla.suse.com/1226628"
},
{
"category": "self",
"summary": "SUSE Bug 1226629",
"url": "https://bugzilla.suse.com/1226629"
},
{
"category": "self",
"summary": "SUSE Bug 1226643",
"url": "https://bugzilla.suse.com/1226643"
},
{
"category": "self",
"summary": "SUSE Bug 1226644",
"url": "https://bugzilla.suse.com/1226644"
},
{
"category": "self",
"summary": "SUSE Bug 1226645",
"url": "https://bugzilla.suse.com/1226645"
},
{
"category": "self",
"summary": "SUSE Bug 1226650",
"url": "https://bugzilla.suse.com/1226650"
},
{
"category": "self",
"summary": "SUSE Bug 1226653",
"url": "https://bugzilla.suse.com/1226653"
},
{
"category": "self",
"summary": "SUSE Bug 1226662",
"url": "https://bugzilla.suse.com/1226662"
},
{
"category": "self",
"summary": "SUSE Bug 1226669",
"url": "https://bugzilla.suse.com/1226669"
},
{
"category": "self",
"summary": "SUSE Bug 1226670",
"url": "https://bugzilla.suse.com/1226670"
},
{
"category": "self",
"summary": "SUSE Bug 1226672",
"url": "https://bugzilla.suse.com/1226672"
},
{
"category": "self",
"summary": "SUSE Bug 1226673",
"url": "https://bugzilla.suse.com/1226673"
},
{
"category": "self",
"summary": "SUSE Bug 1226674",
"url": "https://bugzilla.suse.com/1226674"
},
{
"category": "self",
"summary": "SUSE Bug 1226675",
"url": "https://bugzilla.suse.com/1226675"
},
{
"category": "self",
"summary": "SUSE Bug 1226679",
"url": "https://bugzilla.suse.com/1226679"
},
{
"category": "self",
"summary": "SUSE Bug 1226683",
"url": "https://bugzilla.suse.com/1226683"
},
{
"category": "self",
"summary": "SUSE Bug 1226685",
"url": "https://bugzilla.suse.com/1226685"
},
{
"category": "self",
"summary": "SUSE Bug 1226686",
"url": "https://bugzilla.suse.com/1226686"
},
{
"category": "self",
"summary": "SUSE Bug 1226690",
"url": "https://bugzilla.suse.com/1226690"
},
{
"category": "self",
"summary": "SUSE Bug 1226691",
"url": "https://bugzilla.suse.com/1226691"
},
{
"category": "self",
"summary": "SUSE Bug 1226692",
"url": "https://bugzilla.suse.com/1226692"
},
{
"category": "self",
"summary": "SUSE Bug 1226696",
"url": "https://bugzilla.suse.com/1226696"
},
{
"category": "self",
"summary": "SUSE Bug 1226697",
"url": "https://bugzilla.suse.com/1226697"
},
{
"category": "self",
"summary": "SUSE Bug 1226698",
"url": "https://bugzilla.suse.com/1226698"
},
{
"category": "self",
"summary": "SUSE Bug 1226699",
"url": "https://bugzilla.suse.com/1226699"
},
{
"category": "self",
"summary": "SUSE Bug 1226701",
"url": "https://bugzilla.suse.com/1226701"
},
{
"category": "self",
"summary": "SUSE Bug 1226702",
"url": "https://bugzilla.suse.com/1226702"
},
{
"category": "self",
"summary": "SUSE Bug 1226703",
"url": "https://bugzilla.suse.com/1226703"
},
{
"category": "self",
"summary": "SUSE Bug 1226705",
"url": "https://bugzilla.suse.com/1226705"
},
{
"category": "self",
"summary": "SUSE Bug 1226708",
"url": "https://bugzilla.suse.com/1226708"
},
{
"category": "self",
"summary": "SUSE Bug 1226709",
"url": "https://bugzilla.suse.com/1226709"
},
{
"category": "self",
"summary": "SUSE Bug 1226710",
"url": "https://bugzilla.suse.com/1226710"
},
{
"category": "self",
"summary": "SUSE Bug 1226711",
"url": "https://bugzilla.suse.com/1226711"
},
{
"category": "self",
"summary": "SUSE Bug 1226712",
"url": "https://bugzilla.suse.com/1226712"
},
{
"category": "self",
"summary": "SUSE Bug 1226713",
"url": "https://bugzilla.suse.com/1226713"
},
{
"category": "self",
"summary": "SUSE Bug 1226715",
"url": "https://bugzilla.suse.com/1226715"
},
{
"category": "self",
"summary": "SUSE Bug 1226716",
"url": "https://bugzilla.suse.com/1226716"
},
{
"category": "self",
"summary": "SUSE Bug 1226719",
"url": "https://bugzilla.suse.com/1226719"
},
{
"category": "self",
"summary": "SUSE Bug 1226720",
"url": "https://bugzilla.suse.com/1226720"
},
{
"category": "self",
"summary": "SUSE Bug 1226721",
"url": "https://bugzilla.suse.com/1226721"
},
{
"category": "self",
"summary": "SUSE Bug 1226732",
"url": "https://bugzilla.suse.com/1226732"
},
{
"category": "self",
"summary": "SUSE Bug 1226762",
"url": "https://bugzilla.suse.com/1226762"
},
{
"category": "self",
"summary": "SUSE Bug 1227090",
"url": "https://bugzilla.suse.com/1227090"
},
{
"category": "self",
"summary": "SUSE Bug 1227383",
"url": "https://bugzilla.suse.com/1227383"
},
{
"category": "self",
"summary": "SUSE Bug 1227487",
"url": "https://bugzilla.suse.com/1227487"
},
{
"category": "self",
"summary": "SUSE Bug 1227549",
"url": "https://bugzilla.suse.com/1227549"
},
{
"category": "self",
"summary": "SUSE Bug 1227716",
"url": "https://bugzilla.suse.com/1227716"
},
{
"category": "self",
"summary": "SUSE Bug 1227750",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "self",
"summary": "SUSE Bug 1227764",
"url": "https://bugzilla.suse.com/1227764"
},
{
"category": "self",
"summary": "SUSE Bug 1227808",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "self",
"summary": "SUSE Bug 1227810",
"url": "https://bugzilla.suse.com/1227810"
},
{
"category": "self",
"summary": "SUSE Bug 1227823",
"url": "https://bugzilla.suse.com/1227823"
},
{
"category": "self",
"summary": "SUSE Bug 1227829",
"url": "https://bugzilla.suse.com/1227829"
},
{
"category": "self",
"summary": "SUSE Bug 1227836",
"url": "https://bugzilla.suse.com/1227836"
},
{
"category": "self",
"summary": "SUSE Bug 1227917",
"url": "https://bugzilla.suse.com/1227917"
},
{
"category": "self",
"summary": "SUSE Bug 1227920",
"url": "https://bugzilla.suse.com/1227920"
},
{
"category": "self",
"summary": "SUSE Bug 1227921",
"url": "https://bugzilla.suse.com/1227921"
},
{
"category": "self",
"summary": "SUSE Bug 1227922",
"url": "https://bugzilla.suse.com/1227922"
},
{
"category": "self",
"summary": "SUSE Bug 1227923",
"url": "https://bugzilla.suse.com/1227923"
},
{
"category": "self",
"summary": "SUSE Bug 1227924",
"url": "https://bugzilla.suse.com/1227924"
},
{
"category": "self",
"summary": "SUSE Bug 1227925",
"url": "https://bugzilla.suse.com/1227925"
},
{
"category": "self",
"summary": "SUSE Bug 1227928",
"url": "https://bugzilla.suse.com/1227928"
},
{
"category": "self",
"summary": "SUSE Bug 1227931",
"url": "https://bugzilla.suse.com/1227931"
},
{
"category": "self",
"summary": "SUSE Bug 1227932",
"url": "https://bugzilla.suse.com/1227932"
},
{
"category": "self",
"summary": "SUSE Bug 1227933",
"url": "https://bugzilla.suse.com/1227933"
},
{
"category": "self",
"summary": "SUSE Bug 1227935",
"url": "https://bugzilla.suse.com/1227935"
},
{
"category": "self",
"summary": "SUSE Bug 1227938",
"url": "https://bugzilla.suse.com/1227938"
},
{
"category": "self",
"summary": "SUSE Bug 1227941",
"url": "https://bugzilla.suse.com/1227941"
},
{
"category": "self",
"summary": "SUSE Bug 1227942",
"url": "https://bugzilla.suse.com/1227942"
},
{
"category": "self",
"summary": "SUSE Bug 1227944",
"url": "https://bugzilla.suse.com/1227944"
},
{
"category": "self",
"summary": "SUSE Bug 1227945",
"url": "https://bugzilla.suse.com/1227945"
},
{
"category": "self",
"summary": "SUSE Bug 1227948",
"url": "https://bugzilla.suse.com/1227948"
},
{
"category": "self",
"summary": "SUSE Bug 1227949",
"url": "https://bugzilla.suse.com/1227949"
},
{
"category": "self",
"summary": "SUSE Bug 1227952",
"url": "https://bugzilla.suse.com/1227952"
},
{
"category": "self",
"summary": "SUSE Bug 1227953",
"url": "https://bugzilla.suse.com/1227953"
},
{
"category": "self",
"summary": "SUSE Bug 1227954",
"url": "https://bugzilla.suse.com/1227954"
},
{
"category": "self",
"summary": "SUSE Bug 1227956",
"url": "https://bugzilla.suse.com/1227956"
},
{
"category": "self",
"summary": "SUSE Bug 1227963",
"url": "https://bugzilla.suse.com/1227963"
},
{
"category": "self",
"summary": "SUSE Bug 1227964",
"url": "https://bugzilla.suse.com/1227964"
},
{
"category": "self",
"summary": "SUSE Bug 1227965",
"url": "https://bugzilla.suse.com/1227965"
},
{
"category": "self",
"summary": "SUSE Bug 1227968",
"url": "https://bugzilla.suse.com/1227968"
},
{
"category": "self",
"summary": "SUSE Bug 1227969",
"url": "https://bugzilla.suse.com/1227969"
},
{
"category": "self",
"summary": "SUSE Bug 1227970",
"url": "https://bugzilla.suse.com/1227970"
},
{
"category": "self",
"summary": "SUSE Bug 1227971",
"url": "https://bugzilla.suse.com/1227971"
},
{
"category": "self",
"summary": "SUSE Bug 1227972",
"url": "https://bugzilla.suse.com/1227972"
},
{
"category": "self",
"summary": "SUSE Bug 1227975",
"url": "https://bugzilla.suse.com/1227975"
},
{
"category": "self",
"summary": "SUSE Bug 1227976",
"url": "https://bugzilla.suse.com/1227976"
},
{
"category": "self",
"summary": "SUSE Bug 1227981",
"url": "https://bugzilla.suse.com/1227981"
},
{
"category": "self",
"summary": "SUSE Bug 1227982",
"url": "https://bugzilla.suse.com/1227982"
},
{
"category": "self",
"summary": "SUSE Bug 1227985",
"url": "https://bugzilla.suse.com/1227985"
},
{
"category": "self",
"summary": "SUSE Bug 1227986",
"url": "https://bugzilla.suse.com/1227986"
},
{
"category": "self",
"summary": "SUSE Bug 1227987",
"url": "https://bugzilla.suse.com/1227987"
},
{
"category": "self",
"summary": "SUSE Bug 1227988",
"url": "https://bugzilla.suse.com/1227988"
},
{
"category": "self",
"summary": "SUSE Bug 1227989",
"url": "https://bugzilla.suse.com/1227989"
},
{
"category": "self",
"summary": "SUSE Bug 1227990",
"url": "https://bugzilla.suse.com/1227990"
},
{
"category": "self",
"summary": "SUSE Bug 1227991",
"url": "https://bugzilla.suse.com/1227991"
},
{
"category": "self",
"summary": "SUSE Bug 1227993",
"url": "https://bugzilla.suse.com/1227993"
},
{
"category": "self",
"summary": "SUSE Bug 1227995",
"url": "https://bugzilla.suse.com/1227995"
},
{
"category": "self",
"summary": "SUSE Bug 1227996",
"url": "https://bugzilla.suse.com/1227996"
},
{
"category": "self",
"summary": "SUSE Bug 1227997",
"url": "https://bugzilla.suse.com/1227997"
},
{
"category": "self",
"summary": "SUSE Bug 1228000",
"url": "https://bugzilla.suse.com/1228000"
},
{
"category": "self",
"summary": "SUSE Bug 1228002",
"url": "https://bugzilla.suse.com/1228002"
},
{
"category": "self",
"summary": "SUSE Bug 1228004",
"url": "https://bugzilla.suse.com/1228004"
},
{
"category": "self",
"summary": "SUSE Bug 1228005",
"url": "https://bugzilla.suse.com/1228005"
},
{
"category": "self",
"summary": "SUSE Bug 1228006",
"url": "https://bugzilla.suse.com/1228006"
},
{
"category": "self",
"summary": "SUSE Bug 1228007",
"url": "https://bugzilla.suse.com/1228007"
},
{
"category": "self",
"summary": "SUSE Bug 1228008",
"url": "https://bugzilla.suse.com/1228008"
},
{
"category": "self",
"summary": "SUSE Bug 1228009",
"url": "https://bugzilla.suse.com/1228009"
},
{
"category": "self",
"summary": "SUSE Bug 1228010",
"url": "https://bugzilla.suse.com/1228010"
},
{
"category": "self",
"summary": "SUSE Bug 1228013",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "self",
"summary": "SUSE Bug 1228014",
"url": "https://bugzilla.suse.com/1228014"
},
{
"category": "self",
"summary": "SUSE Bug 1228015",
"url": "https://bugzilla.suse.com/1228015"
},
{
"category": "self",
"summary": "SUSE Bug 1228019",
"url": "https://bugzilla.suse.com/1228019"
},
{
"category": "self",
"summary": "SUSE Bug 1228025",
"url": "https://bugzilla.suse.com/1228025"
},
{
"category": "self",
"summary": "SUSE Bug 1228028",
"url": "https://bugzilla.suse.com/1228028"
},
{
"category": "self",
"summary": "SUSE Bug 1228035",
"url": "https://bugzilla.suse.com/1228035"
},
{
"category": "self",
"summary": "SUSE Bug 1228037",
"url": "https://bugzilla.suse.com/1228037"
},
{
"category": "self",
"summary": "SUSE Bug 1228038",
"url": "https://bugzilla.suse.com/1228038"
},
{
"category": "self",
"summary": "SUSE Bug 1228039",
"url": "https://bugzilla.suse.com/1228039"
},
{
"category": "self",
"summary": "SUSE Bug 1228040",
"url": "https://bugzilla.suse.com/1228040"
},
{
"category": "self",
"summary": "SUSE Bug 1228045",
"url": "https://bugzilla.suse.com/1228045"
},
{
"category": "self",
"summary": "SUSE Bug 1228054",
"url": "https://bugzilla.suse.com/1228054"
},
{
"category": "self",
"summary": "SUSE Bug 1228055",
"url": "https://bugzilla.suse.com/1228055"
},
{
"category": "self",
"summary": "SUSE Bug 1228056",
"url": "https://bugzilla.suse.com/1228056"
},
{
"category": "self",
"summary": "SUSE Bug 1228060",
"url": "https://bugzilla.suse.com/1228060"
},
{
"category": "self",
"summary": "SUSE Bug 1228061",
"url": "https://bugzilla.suse.com/1228061"
},
{
"category": "self",
"summary": "SUSE Bug 1228062",
"url": "https://bugzilla.suse.com/1228062"
},
{
"category": "self",
"summary": "SUSE Bug 1228063",
"url": "https://bugzilla.suse.com/1228063"
},
{
"category": "self",
"summary": "SUSE Bug 1228064",
"url": "https://bugzilla.suse.com/1228064"
},
{
"category": "self",
"summary": "SUSE Bug 1228066",
"url": "https://bugzilla.suse.com/1228066"
},
{
"category": "self",
"summary": "SUSE Bug 1228114",
"url": "https://bugzilla.suse.com/1228114"
},
{
"category": "self",
"summary": "SUSE Bug 1228247",
"url": "https://bugzilla.suse.com/1228247"
},
{
"category": "self",
"summary": "SUSE Bug 1228328",
"url": "https://bugzilla.suse.com/1228328"
},
{
"category": "self",
"summary": "SUSE Bug 1228561",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "self",
"summary": "SUSE Bug 1228644",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "self",
"summary": "SUSE Bug 1228680",
"url": "https://bugzilla.suse.com/1228680"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228801",
"url": "https://bugzilla.suse.com/1228801"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4439 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47534 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47576 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47578 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47580 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47582 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47583 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47584 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47585 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47586 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47587 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47589 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47592 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47596 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47597 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47598 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47600 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47601 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47602 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47603 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47607 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47608 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47609 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47611 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47612 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47614 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47615 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47616 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47617 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47618 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47619 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47620 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47622 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47624 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48711 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48712 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48715 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48717 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48720 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48721 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48722 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48723 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48724 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48725 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48726 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48727 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48728 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48729 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48730 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48732 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48734 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48735 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48736 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48737 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48738 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48739 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48740 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48743 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48744 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48746 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48747 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48749 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48751 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48752 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48754 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48756 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48758 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48759 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48760 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48761 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48763 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48765 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48767 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48768 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48769 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48771 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48774 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48775 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48776 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48777 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48778 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48780 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48783 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48784 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48787 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48788 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48789 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48791 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48793 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48794 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48796 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48797 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48798 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48799 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48800 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48801 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48802 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48803 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48804 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48805 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48807 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48811 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48812 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48813 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48814 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48815 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48817 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48818 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48820 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48821 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48822 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48828 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48829 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48830 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48831 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48834 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48835 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48836 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48837 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48838 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48839 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48840 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48841 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48842 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48843 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48847 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48849 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48851 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48853 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48856 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48858 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48859 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48860 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48861 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48862 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48863 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48866 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52762 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52766 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52800 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52885 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52886 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26583 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26584 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26800 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26813 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26814 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35878 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35901 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38555 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39463 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39494 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40956 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42230/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2024-08-14T07:25:23Z",
"generator": {
"date": "2024-08-14T07:25:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2902-1",
"initial_release_date": "2024-08-14T07:25:23Z",
"revision_history": [
{
"date": "2024-08-14T07:25:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.88.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.88.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.88.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.88.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.88.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.88.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.88.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.88.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.88.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.88.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.88.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4439"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: cpai: check ctr-\u003ecnr to avoid array index out of bound\n\nThe cmtp_add_connection() would add a cmtp session to a controller\nand run a kernel thread to process cmtp.\n\n\t__module_get(THIS_MODULE);\n\tsession-\u003etask = kthread_run(cmtp_session, session, \"kcmtpd_ctr_%d\",\n\t\t\t\t\t\t\t\tsession-\u003enum);\n\nDuring this process, the kernel thread would call detach_capi_ctr()\nto detach a register controller. if the controller\nwas not attached yet, detach_capi_ctr() would\ntrigger an array-index-out-bounds bug.\n\n[ 46.866069][ T6479] UBSAN: array-index-out-of-bounds in\ndrivers/isdn/capi/kcapi.c:483:21\n[ 46.867196][ T6479] index -1 is out of range for type \u0027capi_ctr *[32]\u0027\n[ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted\n5.15.0-rc2+ #8\n[ 46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX,\n1996), BIOS 1.14.0-2 04/01/2014\n[ 46.870107][ T6479] Call Trace:\n[ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d\n[ 46.870974][ T6479] ubsan_epilogue+0x5/0x40\n[ 46.871458][ T6479] __ubsan_handle_out_of_bounds.cold+0x43/0x48\n[ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0\n[ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0\n[ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60\n[ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120\n[ 46.874256][ T6479] kthread+0x147/0x170\n[ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40\n[ 46.875248][ T6479] ret_from_fork+0x1f/0x30\n[ 46.875773][ T6479]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4439",
"url": "https://www.suse.com/security/cve/CVE-2021-4439"
},
{
"category": "external",
"summary": "SUSE Bug 1226670 for CVE-2021-4439",
"url": "https://bugzilla.suse.com/1226670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-4439"
},
{
"cve": "CVE-2021-47534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47534"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: kms: Add missing drm_crtc_commit_put\n\nCommit 9ec03d7f1ed3 (\"drm/vc4: kms: Wait on previous FIFO users before a\ncommit\") introduced a global state for the HVS, with each FIFO storing\nthe current CRTC commit so that we can properly synchronize commits.\n\nHowever, the refcounting was off and we thus ended up leaking the\ndrm_crtc_commit structure every commit. Add a drm_crtc_commit_put to\nprevent the leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47534",
"url": "https://www.suse.com/security/cve/CVE-2021-47534"
},
{
"category": "external",
"summary": "SUSE Bug 1230903 for CVE-2021-47534",
"url": "https://bugzilla.suse.com/1230903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47534"
},
{
"cve": "CVE-2021-47576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()\n\nIn resp_mode_select() sanity check the block descriptor len to avoid UAF.\n\nBUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509\nRead of size 1 at addr ffff888026670f50 by task scsicmd/15032\n\nCPU: 1 PID: 15032 Comm: scsicmd Not tainted 5.15.0-01d0625 #15\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:107\n print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:257\n kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:443\n __asan_report_load1_noabort+0x14/0x20 mm/kasan/report_generic.c:306\n resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509\n schedule_resp+0x4af/0x1a10 drivers/scsi/scsi_debug.c:5483\n scsi_debug_queuecommand+0x8c9/0x1e70 drivers/scsi/scsi_debug.c:7537\n scsi_queue_rq+0x16b4/0x2d10 drivers/scsi/scsi_lib.c:1521\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1640\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1762\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1839\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:63\n sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:837\n sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:775\n sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:941\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1166\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:52\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:50\n entry_SYSCALL_64_after_hwframe+0x44/0xae arch/x86/entry/entry_64.S:113",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47576",
"url": "https://www.suse.com/security/cve/CVE-2021-47576"
},
{
"category": "external",
"summary": "SUSE Bug 1226537 for CVE-2021-47576",
"url": "https://bugzilla.suse.com/1226537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2021-47576"
},
{
"cve": "CVE-2021-47578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47578"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Don\u0027t call kcalloc() if size arg is zero\n\nIf the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of\nthat, for a following NULL pointer check to work on the returned pointer,\nkcalloc() must not be called with the size arg equal to zero. Return early\nwithout error before the kcalloc() call if size arg is zero.\n\nBUG: KASAN: null-ptr-deref in memcpy include/linux/fortify-string.h:191 [inline]\nBUG: KASAN: null-ptr-deref in sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974\nWrite of size 4 at addr 0000000000000010 by task syz-executor.1/22789\n\nCPU: 1 PID: 22789 Comm: syz-executor.1 Not tainted 5.15.0-syzk #1\nHardware name: Red Hat KVM, BIOS 1.13.0-2\nCall Trace:\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\n __kasan_report mm/kasan/report.c:446 [inline]\n kasan_report.cold.14+0x112/0x117 mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189\n memcpy+0x3b/0x60 mm/kasan/shadow.c:66\n memcpy include/linux/fortify-string.h:191 [inline]\n sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974\n do_dout_fetch drivers/scsi/scsi_debug.c:2954 [inline]\n do_dout_fetch drivers/scsi/scsi_debug.c:2946 [inline]\n resp_verify+0x49e/0x930 drivers/scsi/scsi_debug.c:4276\n schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478\n scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533\n scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]\n scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62\n blk_execute_rq+0xdb/0x360 block/blk-exec.c:102\n sg_scsi_ioctl drivers/scsi/scsi_ioctl.c:621 [inline]\n scsi_ioctl+0x8bb/0x15c0 drivers/scsi/scsi_ioctl.c:930\n sg_ioctl_common+0x172d/0x2710 drivers/scsi/sg.c:1112\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47578",
"url": "https://www.suse.com/security/cve/CVE-2021-47578"
},
{
"category": "external",
"summary": "SUSE Bug 1226539 for CVE-2021-47578",
"url": "https://bugzilla.suse.com/1226539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47578"
},
{
"cve": "CVE-2021-47580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix type in min_t to avoid stack OOB\n\nChange min_t() to use type \"u32\" instead of type \"int\" to avoid stack out\nof bounds. With min_t() type \"int\" the values get sign extended and the\nlarger value gets used causing stack out of bounds.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline]\nBUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976\nRead of size 127 at addr ffff888072607128 by task syz-executor.7/18707\n\nCPU: 1 PID: 18707 Comm: syz-executor.7 Not tainted 5.15.0-syzk #1\nHardware name: Red Hat KVM, BIOS 1.13.0-2\nCall Trace:\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\n print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:256\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189\n memcpy+0x23/0x60 mm/kasan/shadow.c:65\n memcpy include/linux/fortify-string.h:191 [inline]\n sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976\n sg_copy_from_buffer+0x33/0x40 lib/scatterlist.c:1000\n fill_from_dev_buffer.part.34+0x82/0x130 drivers/scsi/scsi_debug.c:1162\n fill_from_dev_buffer drivers/scsi/scsi_debug.c:1888 [inline]\n resp_readcap16+0x365/0x3b0 drivers/scsi/scsi_debug.c:1887\n schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478\n scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533\n scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]\n scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62\n sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:836\n sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:774\n sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:939\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47580",
"url": "https://www.suse.com/security/cve/CVE-2021-47580"
},
{
"category": "external",
"summary": "SUSE Bug 1226550 for CVE-2021-47580",
"url": "https://bugzilla.suse.com/1226550"
},
{
"category": "external",
"summary": "SUSE Bug 1227611 for CVE-2021-47580",
"url": "https://bugzilla.suse.com/1227611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47580"
},
{
"cve": "CVE-2021-47582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Make do_proc_control() and do_proc_bulk() killable\n\nThe USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke\nusb_start_wait_urb(), which contains an uninterruptible wait with a\nuser-specified timeout value. If timeout value is very large and the\ndevice being accessed does not respond in a reasonable amount of time,\nthe kernel will complain about \"Task X blocked for more than N\nseconds\", as found in testing by syzbot:\n\nINFO: task syz-executor.0:8700 blocked for more than 143 seconds.\n Not tainted 5.14.0-rc7-syzkaller #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004\nCall Trace:\n context_switch kernel/sched/core.c:4681 [inline]\n __schedule+0xc07/0x11f0 kernel/sched/core.c:5938\n schedule+0x14b/0x210 kernel/sched/core.c:6017\n schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857\n do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85\n __wait_for_common kernel/sched/completion.c:106 [inline]\n wait_for_common kernel/sched/completion.c:117 [inline]\n wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157\n usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63\n do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236\n proc_bulk drivers/usb/core/devio.c:1273 [inline]\n usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline]\n usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713\n...\n\nTo fix this problem, this patch replaces usbfs\u0027s calls to\nusb_control_msg() and usb_bulk_msg() with special-purpose code that\ndoes essentially the same thing (as recommended in the comment for\nusb_start_wait_urb()), except that it always uses a killable wait and\nit uses GFP_KERNEL rather than GFP_NOIO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47582",
"url": "https://www.suse.com/security/cve/CVE-2021-47582"
},
{
"category": "external",
"summary": "SUSE Bug 1226559 for CVE-2021-47582",
"url": "https://bugzilla.suse.com/1226559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47582"
},
{
"cve": "CVE-2021-47583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mxl111sf: change mutex_init() location\n\nSyzbot reported, that mxl111sf_ctrl_msg() uses uninitialized\nmutex. The problem was in wrong mutex_init() location.\n\nPrevious mutex_init(\u0026state-\u003emsg_lock) call was in -\u003einit() function, but\ndvb_usbv2_init() has this order of calls:\n\n\tdvb_usbv2_init()\n\t dvb_usbv2_adapter_init()\n\t dvb_usbv2_adapter_frontend_init()\n\t props-\u003efrontend_attach()\n\n\t props-\u003einit()\n\nSince mxl111sf_* devices call mxl111sf_ctrl_msg() in -\u003efrontend_attach()\ninternally we need to initialize state-\u003emsg_lock before\nfrontend_attach(). To achieve it, -\u003eprobe() call added to all mxl111sf_*\ndevices, which will simply initiaize mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47583",
"url": "https://www.suse.com/security/cve/CVE-2021-47583"
},
{
"category": "external",
"summary": "SUSE Bug 1226563 for CVE-2021-47583",
"url": "https://bugzilla.suse.com/1226563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47583"
},
{
"cve": "CVE-2021-47584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niocost: Fix divide-by-zero on donation from low hweight cgroup\n\nThe donation calculation logic assumes that the donor has non-zero\nafter-donation hweight, so the lowest active hweight a donating cgroup can\nhave is 2 so that it can donate 1 while keeping the other 1 for itself.\nEarlier, we only donated from cgroups with sizable surpluses so this\ncondition was always true. However, with the precise donation algorithm\nimplemented, f1de2439ec43 (\"blk-iocost: revamp donation amount\ndetermination\") made the donation amount calculation exact enabling even low\nhweight cgroups to donate.\n\nThis means that in rare occasions, a cgroup with active hweight of 1 can\nenter donation calculation triggering the following warning and then a\ndivide-by-zero oops.\n\n WARNING: CPU: 4 PID: 0 at block/blk-iocost.c:1928 transfer_surpluses.cold+0x0/0x53 [884/94867]\n ...\n RIP: 0010:transfer_surpluses.cold+0x0/0x53\n Code: 92 ff 48 c7 c7 28 d1 ab b5 65 48 8b 34 25 00 ae 01 00 48 81 c6 90 06 00 00 e8 8b 3f fe ff 48 c7 c0 ea ff ff ff e9 95 ff 92 ff \u003c0f\u003e 0b 48 c7 c7 30 da ab b5 e8 71 3f fe ff 4c 89 e8 4d 85 ed 74 0\n4\n ...\n Call Trace:\n \u003cIRQ\u003e\n ioc_timer_fn+0x1043/0x1390\n call_timer_fn+0xa1/0x2c0\n __run_timers.part.0+0x1ec/0x2e0\n run_timer_softirq+0x35/0x70\n ...\n iocg: invalid donation weights in /a/b: active=1 donating=1 after=0\n\nFix it by excluding cgroups w/ active hweight \u003c 2 from donating. Excluding\nthese extreme low hweight donations shouldn\u0027t affect work conservation in\nany meaningful way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47584",
"url": "https://www.suse.com/security/cve/CVE-2021-47584"
},
{
"category": "external",
"summary": "SUSE Bug 1226564 for CVE-2021-47584",
"url": "https://bugzilla.suse.com/1226564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47584"
},
{
"cve": "CVE-2021-47585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory leak in __add_inode_ref()\n\nLine 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),\nbut when the function returns in line 1184 (#4) victim_name allocated\nby line 1169 (#3) is not freed, which will lead to a memory leak.\nThere is a similar snippet of code in this function as allocating a memory\nchunk for victim_name in line 1104 (#1) as well as releasing the memory\nin line 1116 (#2).\n\nWe should kfree() victim_name when the return value of backref_in_log()\nis less than zero and before the function returns in line 1184 (#4).\n\n1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans,\n1058 \t\t\t\t struct btrfs_root *root,\n1059 \t\t\t\t struct btrfs_path *path,\n1060 \t\t\t\t struct btrfs_root *log_root,\n1061 \t\t\t\t struct btrfs_inode *dir,\n1062 \t\t\t\t struct btrfs_inode *inode,\n1063 \t\t\t\t u64 inode_objectid, u64 parent_objectid,\n1064 \t\t\t\t u64 ref_index, char *name, int namelen,\n1065 \t\t\t\t int *search_done)\n1066 {\n\n1104 \tvictim_name = kmalloc(victim_name_len, GFP_NOFS);\n\t// #1: kmalloc (victim_name-1)\n1105 \tif (!victim_name)\n1106 \t\treturn -ENOMEM;\n\n1112\tret = backref_in_log(log_root, \u0026search_key,\n1113\t\t\tparent_objectid, victim_name,\n1114\t\t\tvictim_name_len);\n1115\tif (ret \u003c 0) {\n1116\t\tkfree(victim_name); // #2: kfree (victim_name-1)\n1117\t\treturn ret;\n1118\t} else if (!ret) {\n\n1169 \tvictim_name = kmalloc(victim_name_len, GFP_NOFS);\n\t// #3: kmalloc (victim_name-2)\n1170 \tif (!victim_name)\n1171 \t\treturn -ENOMEM;\n\n1180 \tret = backref_in_log(log_root, \u0026search_key,\n1181 \t\t\tparent_objectid, victim_name,\n1182 \t\t\tvictim_name_len);\n1183 \tif (ret \u003c 0) {\n1184 \t\treturn ret; // #4: missing kfree (victim_name-2)\n1185 \t} else if (!ret) {\n\n1241 \treturn 0;\n1242 }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47585",
"url": "https://www.suse.com/security/cve/CVE-2021-47585"
},
{
"category": "external",
"summary": "SUSE Bug 1226556 for CVE-2021-47585",
"url": "https://bugzilla.suse.com/1226556"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47585"
},
{
"cve": "CVE-2021-47586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47586"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwmac-rk: fix oob read in rk_gmac_setup\n\nKASAN reports an out-of-bounds read in rk_gmac_setup on the line:\n\n\twhile (ops-\u003eregs[i]) {\n\nThis happens for most platforms since the regs flexible array member is\nempty, so the memory after the ops structure is being read here. It\nseems that mostly this happens to contain zero anyway, so we get lucky\nand everything still works.\n\nTo avoid adding redundant data to nearly all the ops structures, add a\nnew flag to indicate whether the regs field is valid and avoid this loop\nwhen it is not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47586",
"url": "https://www.suse.com/security/cve/CVE-2021-47586"
},
{
"category": "external",
"summary": "SUSE Bug 1226561 for CVE-2021-47586",
"url": "https://bugzilla.suse.com/1226561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47586"
},
{
"cve": "CVE-2021-47587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47587"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: Add global locking for descriptor lifecycle\n\nThe descriptor list is a shared resource across all of the transmit queues, and\nthe locking mechanism used today only protects concurrency across a given\ntransmit queue between the transmit and reclaiming. This creates an opportunity\nfor the SYSTEMPORT hardware to work on corrupted descriptors if we have\nmultiple producers at once which is the case when using multiple transmit\nqueues.\n\nThis was particularly noticeable when using multiple flows/transmit queues and\nit showed up in interesting ways in that UDP packets would get a correct UDP\nheader checksum being calculated over an incorrect packet length. Similarly TCP\npackets would get an equally correct checksum computed by the hardware over an\nincorrect packet length.\n\nThe SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges\nwhen the driver produces a new descriptor anytime it writes to the\nWRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to\nre-organize its descriptors and it is possible that concurrent TX queues\neventually break this internal allocation scheme to the point where the\nlength/status part of the descriptor gets used for an incorrect data buffer.\n\nThe fix is to impose a global serialization for all TX queues in the short\nsection where we are writing to the WRITE_PORT_{HI,LO} registers which solves\nthe corruption even with multiple concurrent TX queues being used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47587",
"url": "https://www.suse.com/security/cve/CVE-2021-47587"
},
{
"category": "external",
"summary": "SUSE Bug 1226567 for CVE-2021-47587",
"url": "https://bugzilla.suse.com/1226567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47587"
},
{
"cve": "CVE-2021-47589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47589"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigbvf: fix double free in `igbvf_probe`\n\nIn `igbvf_probe`, if register_netdev() fails, the program will go to\nlabel err_hw_init, and then to label err_ioremap. In free_netdev() which\nis just below label err_ioremap, there is `list_for_each_entry_safe` and\n`netif_napi_del` which aims to delete all entries in `dev-\u003enapi_list`.\nThe program has added an entry `adapter-\u003erx_ring-\u003enapi` which is added by\n`netif_napi_add` in igbvf_alloc_queues(). However, adapter-\u003erx_ring has\nbeen freed below label err_hw_init. So this a UAF.\n\nIn terms of how to patch the problem, we can refer to igbvf_remove() and\ndelete the entry before `adapter-\u003erx_ring`.\n\nThe KASAN logs are as follows:\n\n[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450\n[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366\n[ 35.128360]\n[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14\n[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[ 35.131749] Call Trace:\n[ 35.132199] dump_stack_lvl+0x59/0x7b\n[ 35.132865] print_address_description+0x7c/0x3b0\n[ 35.133707] ? free_netdev+0x1fd/0x450\n[ 35.134378] __kasan_report+0x160/0x1c0\n[ 35.135063] ? free_netdev+0x1fd/0x450\n[ 35.135738] kasan_report+0x4b/0x70\n[ 35.136367] free_netdev+0x1fd/0x450\n[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf]\n[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf]\n[ 35.138751] local_pci_probe+0x13c/0x1f0\n[ 35.139461] pci_device_probe+0x37e/0x6c0\n[ 35.165526]\n[ 35.165806] Allocated by task 366:\n[ 35.166414] ____kasan_kmalloc+0xc4/0xf0\n[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf]\n[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf]\n[ 35.168866] local_pci_probe+0x13c/0x1f0\n[ 35.169565] pci_device_probe+0x37e/0x6c0\n[ 35.179713]\n[ 35.179993] Freed by task 366:\n[ 35.180539] kasan_set_track+0x4c/0x80\n[ 35.181211] kasan_set_free_info+0x1f/0x40\n[ 35.181942] ____kasan_slab_free+0x103/0x140\n[ 35.182703] kfree+0xe3/0x250\n[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf]\n[ 35.184040] local_pci_probe+0x13c/0x1f0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47589",
"url": "https://www.suse.com/security/cve/CVE-2021-47589"
},
{
"category": "external",
"summary": "SUSE Bug 1226557 for CVE-2021-47589",
"url": "https://bugzilla.suse.com/1226557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47589"
},
{
"cve": "CVE-2021-47592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix tc flower deletion for VLAN priority Rx steering\n\nTo replicate the issue:-\n\n1) Add 1 flower filter for VLAN Priority based frame steering:-\n$ IFDEVNAME=eth0\n$ tc qdisc add dev $IFDEVNAME ingress\n$ tc qdisc add dev $IFDEVNAME root mqprio num_tc 8 \\\n map 0 1 2 3 4 5 6 7 0 0 0 0 0 0 0 0 \\\n queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 hw 0\n$ tc filter add dev $IFDEVNAME parent ffff: protocol 802.1Q \\\n flower vlan_prio 0 hw_tc 0\n\n2) Get the \u0027pref\u0027 id\n$ tc filter show dev $IFDEVNAME ingress\n\n3) Delete a specific tc flower record (say pref 49151)\n$ tc filter del dev $IFDEVNAME parent ffff: pref 49151\n\nFrom dmesg, we will observe kernel NULL pointer ooops\n\n[ 197.170464] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 197.171367] #PF: supervisor read access in kernel mode\n[ 197.171367] #PF: error_code(0x0000) - not-present page\n[ 197.171367] PGD 0 P4D 0\n[ 197.171367] Oops: 0000 [#1] PREEMPT SMP NOPTI\n\n\u003csnip\u003e\n\n[ 197.171367] RIP: 0010:tc_setup_cls+0x20b/0x4a0 [stmmac]\n\n\u003csnip\u003e\n\n[ 197.171367] Call Trace:\n[ 197.171367] \u003cTASK\u003e\n[ 197.171367] ? __stmmac_disable_all_queues+0xa8/0xe0 [stmmac]\n[ 197.171367] stmmac_setup_tc_block_cb+0x70/0x110 [stmmac]\n[ 197.171367] tc_setup_cb_destroy+0xb3/0x180\n[ 197.171367] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n\nThe above issue is due to previous incorrect implementation of\ntc_del_vlan_flow(), shown below, that uses flow_cls_offload_flow_rule()\nto get struct flow_rule *rule which is no longer valid for tc filter\ndelete operation.\n\n struct flow_rule *rule = flow_cls_offload_flow_rule(cls);\n struct flow_dissector *dissector = rule-\u003ematch.dissector;\n\nSo, to ensure tc_del_vlan_flow() deletes the right VLAN cls record for\nearlier configured RX queue (configured by hw_tc) in tc_add_vlan_flow(),\nthis patch introduces stmmac_rfs_entry as driver-side flow_cls_offload\nrecord for \u0027RX frame steering\u0027 tc flower, currently used for VLAN\npriority. The implementation has taken consideration for future extension\nto include other type RX frame steering such as EtherType based.\n\nv2:\n - Clean up overly extensive backtrace and rewrite git message to better\n explain the kernel NULL pointer issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47592",
"url": "https://www.suse.com/security/cve/CVE-2021-47592"
},
{
"category": "external",
"summary": "SUSE Bug 1226572 for CVE-2021-47592",
"url": "https://bugzilla.suse.com/1226572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47592"
},
{
"cve": "CVE-2021-47596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix use-after-free bug in hclgevf_send_mbx_msg\n\nCurrently, the hns3_remove function firstly uninstall client instance,\nand then uninstall acceletion engine device. The netdevice is freed in\nclient instance uninstall process, but acceletion engine device uninstall\nprocess still use it to trace runtime information. This causes a use after\nfree problem.\n\nSo fixes it by check the instance register state to avoid use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47596",
"url": "https://www.suse.com/security/cve/CVE-2021-47596"
},
{
"category": "external",
"summary": "SUSE Bug 1226558 for CVE-2021-47596",
"url": "https://bugzilla.suse.com/1226558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47596"
},
{
"cve": "CVE-2021-47597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: fix kernel-infoleak for UDP sockets\n\nKMSAN reported a kernel-infoleak [1], that can exploited\nby unpriv users.\n\nAfter analysis it turned out UDP was not initializing\nr-\u003eidiag_expires. Other users of inet_sk_diag_fill()\nmight make the same mistake in the future, so fix this\nin inet_sk_diag_fill().\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]\nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n copyout lib/iov_iter.c:156 [inline]\n _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670\n copy_to_iter include/linux/uio.h:155 [inline]\n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519\n __skb_datagram_iter+0x2cb/0x1280 net/core/datagram.c:425\n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533\n skb_copy_datagram_msg include/linux/skbuff.h:3657 [inline]\n netlink_recvmsg+0x660/0x1c60 net/netlink/af_netlink.c:1974\n sock_recvmsg_nosec net/socket.c:944 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n sock_read_iter+0x5a9/0x630 net/socket.c:1035\n call_read_iter include/linux/fs.h:2156 [inline]\n new_sync_read fs/read_write.c:400 [inline]\n vfs_read+0x1631/0x1980 fs/read_write.c:481\n ksys_read+0x28c/0x520 fs/read_write.c:619\n __do_sys_read fs/read_write.c:629 [inline]\n __se_sys_read fs/read_write.c:627 [inline]\n __x64_sys_read+0xdb/0x120 fs/read_write.c:627\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n netlink_dump+0x3d5/0x16a0 net/netlink/af_netlink.c:2245\n __netlink_dump_start+0xd1c/0xee0 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:254 [inline]\n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1343\n sock_diag_rcv_msg+0x24a/0x620\n netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491\n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:276\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:704 [inline]\n sock_sendmsg net/socket.c:724 [inline]\n sock_write_iter+0x594/0x690 net/socket.c:1057\n do_iter_readv_writev+0xa7f/0xc70\n do_iter_write+0x52c/0x1500 fs/read_write.c:851\n vfs_writev fs/read_write.c:924 [inline]\n do_writev+0x63f/0xe30 fs/read_write.c:967\n __do_sys_writev fs/read_write.c:1040 [inline]\n __se_sys_writev fs/read_write.c:1037 [inline]\n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBytes 68-71 of 312 are uninitialized\nMemory access of size 312 starts at ffff88812ab54000\nData copied to user address 0000000020001440\n\nCPU: 1 PID: 6365 Comm: syz-executor801 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47597",
"url": "https://www.suse.com/security/cve/CVE-2021-47597"
},
{
"category": "external",
"summary": "SUSE Bug 1226553 for CVE-2021-47597",
"url": "https://bugzilla.suse.com/1226553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2021-47597"
},
{
"cve": "CVE-2021-47598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47598"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_cake: do not call cake_destroy() from cake_init()\n\nqdiscs are not supposed to call their own destroy() method\nfrom init(), because core stack already does that.\n\nsyzbot was able to trigger use after free:\n\nDEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\nWARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock_common kernel/locking/mutex.c:586 [inline]\nWARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740\nModules linked in:\nCPU: 0 PID: 21902 Comm: syz-executor189 Not tainted 5.16.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:__mutex_lock_common kernel/locking/mutex.c:586 [inline]\nRIP: 0010:__mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740\nCode: 08 84 d2 0f 85 19 08 00 00 8b 05 97 38 4b 04 85 c0 0f 85 27 f7 ff ff 48 c7 c6 20 00 ac 89 48 c7 c7 a0 fe ab 89 e8 bf 76 ba ff \u003c0f\u003e 0b e9 0d f7 ff ff 48 8b 44 24 40 48 8d b8 c8 08 00 00 48 89 f8\nRSP: 0018:ffffc9000627f290 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802315d700 RSI: ffffffff815f1db8 RDI: fffff52000c4fe44\nRBP: ffff88818f28e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffffff815ebb5e R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: ffffc9000627f458 R15: 0000000093c30000\nFS: 0000555556abc400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fda689c3303 CR3: 000000001cfbb000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcf_chain0_head_change_cb_del+0x2e/0x3d0 net/sched/cls_api.c:810\n tcf_block_put_ext net/sched/cls_api.c:1381 [inline]\n tcf_block_put_ext net/sched/cls_api.c:1376 [inline]\n tcf_block_put+0xbc/0x130 net/sched/cls_api.c:1394\n cake_destroy+0x3f/0x80 net/sched/sch_cake.c:2695\n qdisc_create.constprop.0+0x9da/0x10f0 net/sched/sch_api.c:1293\n tc_modify_qdisc+0x4c5/0x1980 net/sched/sch_api.c:1660\n rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5571\n netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2496\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:704 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:724\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2463\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f1bb06badb9\nCode: Unable to access opcode bytes at RIP 0x7f1bb06bad8f.\nRSP: 002b:00007fff3012a658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1bb06badb9\nRDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000003\nR10: 0000000000000003 R11: 0000000000000246 R12: 00007fff3012a688\nR13: 00007fff3012a6a0 R14: 00007fff3012a6e0 R15: 00000000000013c2\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47598",
"url": "https://www.suse.com/security/cve/CVE-2021-47598"
},
{
"category": "external",
"summary": "SUSE Bug 1226574 for CVE-2021-47598",
"url": "https://bugzilla.suse.com/1226574"
},
{
"category": "external",
"summary": "SUSE Bug 1227471 for CVE-2021-47598",
"url": "https://bugzilla.suse.com/1227471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2021-47598"
},
{
"cve": "CVE-2021-47600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm btree remove: fix use after free in rebalance_children()\n\nMove dm_tm_unlock() after dm_tm_dec().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47600",
"url": "https://www.suse.com/security/cve/CVE-2021-47600"
},
{
"category": "external",
"summary": "SUSE Bug 1226575 for CVE-2021-47600",
"url": "https://bugzilla.suse.com/1226575"
},
{
"category": "external",
"summary": "SUSE Bug 1227472 for CVE-2021-47600",
"url": "https://bugzilla.suse.com/1227472"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2021-47600"
},
{
"cve": "CVE-2021-47601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix an IS_ERR() vs NULL bug\n\nThe __get_free_pages() function does not return error pointers it returns\nNULL so fix this condition to avoid a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47601",
"url": "https://www.suse.com/security/cve/CVE-2021-47601"
},
{
"category": "external",
"summary": "SUSE Bug 1226576 for CVE-2021-47601",
"url": "https://bugzilla.suse.com/1226576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47601"
},
{
"cve": "CVE-2021-47602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: track only QoS data frames for admission control\n\nFor admission control, obviously all of that only works for\nQoS data frames, otherwise we cannot even access the QoS\nfield in the header.\n\nSyzbot reported (see below) an uninitialized value here due\nto a status of a non-QoS nullfunc packet, which isn\u0027t even\nlong enough to contain the QoS header.\n\nFix this to only do anything for QoS data packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47602",
"url": "https://www.suse.com/security/cve/CVE-2021-47602"
},
{
"category": "external",
"summary": "SUSE Bug 1226554 for CVE-2021-47602",
"url": "https://bugzilla.suse.com/1226554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47602"
},
{
"cve": "CVE-2021-47603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: improve robustness of the audit queue handling\n\nIf the audit daemon were ever to get stuck in a stopped state the\nkernel\u0027s kauditd_thread() could get blocked attempting to send audit\nrecords to the userspace audit daemon. With the kernel thread\nblocked it is possible that the audit queue could grow unbounded as\ncertain audit record generating events must be exempt from the queue\nlimits else the system enter a deadlock state.\n\nThis patch resolves this problem by lowering the kernel thread\u0027s\nsocket sending timeout from MAX_SCHEDULE_TIMEOUT to HZ/10 and tweaks\nthe kauditd_send_queue() function to better manage the various audit\nqueues when connection problems occur between the kernel and the\naudit daemon. With this patch, the backlog may temporarily grow\nbeyond the defined limits when the audit daemon is stopped and the\nsystem is under heavy audit pressure, but kauditd_thread() will\ncontinue to make progress and drain the queues as it would for other\nconnection problems. For example, with the audit daemon put into a\nstopped state and the system configured to audit every syscall it\nwas still possible to shutdown the system without a kernel panic,\ndeadlock, etc.; granted, the system was slow to shutdown but that is\nto be expected given the extreme pressure of recording every syscall.\n\nThe timeout value of HZ/10 was chosen primarily through\nexperimentation and this developer\u0027s \"gut feeling\". There is likely\nno one perfect value, but as this scenario is limited in scope (root\nprivileges would be needed to send SIGSTOP to the audit daemon), it\nis likely not worth exposing this as a tunable at present. This can\nalways be done at a later date if it proves necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47603",
"url": "https://www.suse.com/security/cve/CVE-2021-47603"
},
{
"category": "external",
"summary": "SUSE Bug 1226577 for CVE-2021-47603",
"url": "https://bugzilla.suse.com/1226577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47603"
},
{
"cve": "CVE-2021-47607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47607"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix kernel address leakage in atomic cmpxchg\u0027s r0 aux reg\n\nThe implementation of BPF_CMPXCHG on a high level has the following parameters:\n\n .-[old-val] .-[new-val]\n BPF_R0 = cmpxchg{32,64}(DST_REG + insn-\u003eoff, BPF_R0, SRC_REG)\n `-[mem-loc] `-[old-val]\n\nGiven a BPF insn can only have two registers (dst, src), the R0 is fixed and\nused as an auxilliary register for input (old value) as well as output (returning\nold value from memory location). While the verifier performs a number of safety\nchecks, it misses to reject unprivileged programs where R0 contains a pointer as\nold value.\n\nThrough brute-forcing it takes about ~16sec on my machine to leak a kernel pointer\nwith BPF_CMPXCHG. The PoC is basically probing for kernel addresses by storing the\nguessed address into the map slot as a scalar, and using the map value pointer as\nR0 while SRC_REG has a canary value to detect a matching address.\n\nFix it by checking R0 for pointers, and reject if that\u0027s the case for unprivileged\nprograms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47607",
"url": "https://www.suse.com/security/cve/CVE-2021-47607"
},
{
"category": "external",
"summary": "SUSE Bug 1226580 for CVE-2021-47607",
"url": "https://bugzilla.suse.com/1226580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47607"
},
{
"cve": "CVE-2021-47608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix kernel address leakage in atomic fetch\n\nThe change in commit 37086bfdc737 (\"bpf: Propagate stack bounds to registers\nin atomics w/ BPF_FETCH\") around check_mem_access() handling is buggy since\nthis would allow for unprivileged users to leak kernel pointers. For example,\nan atomic fetch/and with -1 on a stack destination which holds a spilled\npointer will migrate the spilled register type into a scalar, which can then\nbe exported out of the program (since scalar != pointer) by dumping it into\na map value.\n\nThe original implementation of XADD was preventing this situation by using\na double call to check_mem_access() one with BPF_READ and a subsequent one\nwith BPF_WRITE, in both cases passing -1 as a placeholder value instead of\nregister as per XADD semantics since it didn\u0027t contain a value fetch. The\nBPF_READ also included a check in check_stack_read_fixed_off() which rejects\nthe program if the stack slot is of __is_pointer_value() if dst_regno \u003c 0.\nThe latter is to distinguish whether we\u0027re dealing with a regular stack spill/\nfill or some arithmetical operation which is disallowed on non-scalars, see\nalso 6e7e63cbb023 (\"bpf: Forbid XADD on spilled pointers for unprivileged\nusers\") for more context on check_mem_access() and its handling of placeholder\nvalue -1.\n\nOne minimally intrusive option to fix the leak is for the BPF_FETCH case to\ninitially check the BPF_READ case via check_mem_access() with -1 as register,\nfollowed by the actual load case with non-negative load_reg to propagate\nstack bounds to registers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47608",
"url": "https://www.suse.com/security/cve/CVE-2021-47608"
},
{
"category": "external",
"summary": "SUSE Bug 1226569 for CVE-2021-47608",
"url": "https://bugzilla.suse.com/1226569"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47608"
},
{
"cve": "CVE-2021-47609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Fix string overflow in SCPI genpd driver\n\nWithout the bound checks for scpi_pd-\u003ename, it could result in the buffer\noverflow when copying the SCPI device name from the corresponding device\ntree node as the name string is set at maximum size of 30.\n\nLet us fix it by using devm_kasprintf so that the string buffer is\nallocated dynamically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47609",
"url": "https://www.suse.com/security/cve/CVE-2021-47609"
},
{
"category": "external",
"summary": "SUSE Bug 1226562 for CVE-2021-47609",
"url": "https://bugzilla.suse.com/1226562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47609"
},
{
"cve": "CVE-2021-47611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: validate extended element ID is present\n\nBefore attempting to parse an extended element, verify that\nthe extended element ID is present.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47611",
"url": "https://www.suse.com/security/cve/CVE-2021-47611"
},
{
"category": "external",
"summary": "SUSE Bug 1226583 for CVE-2021-47611",
"url": "https://bugzilla.suse.com/1226583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47611"
},
{
"cve": "CVE-2021-47612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47612"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix segfault in nfc_genl_dump_devices_done\n\nWhen kmalloc in nfc_genl_dump_devices() fails then\nnfc_genl_dump_devices_done() segfaults as below\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:klist_iter_exit+0x26/0x80\nCall Trace:\n\u003cTASK\u003e\nclass_dev_iter_exit+0x15/0x20\nnfc_genl_dump_devices_done+0x3b/0x50\ngenl_lock_done+0x84/0xd0\nnetlink_sock_destruct+0x8f/0x270\n__sk_destruct+0x64/0x3b0\nsk_destruct+0xa8/0xd0\n__sk_free+0x2e8/0x3d0\nsk_free+0x51/0x90\nnetlink_sock_destruct_work+0x1c/0x20\nprocess_one_work+0x411/0x710\nworker_thread+0x6fd/0xa80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47612",
"url": "https://www.suse.com/security/cve/CVE-2021-47612"
},
{
"category": "external",
"summary": "SUSE Bug 1226585 for CVE-2021-47612",
"url": "https://bugzilla.suse.com/1226585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47612"
},
{
"cve": "CVE-2021-47614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47614"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix a user-after-free in add_pble_prm\n\nWhen irdma_hmc_sd_one fails, \u0027chunk\u0027 is freed while its still on the PBLE\ninfo list.\n\nAdd the chunk entry to the PBLE info list only after successful setting of\nthe SD in irdma_hmc_sd_one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47614",
"url": "https://www.suse.com/security/cve/CVE-2021-47614"
},
{
"category": "external",
"summary": "SUSE Bug 1226601 for CVE-2021-47614",
"url": "https://bugzilla.suse.com/1226601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47614"
},
{
"cve": "CVE-2021-47615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47615"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47615",
"url": "https://www.suse.com/security/cve/CVE-2021-47615"
},
{
"category": "external",
"summary": "SUSE Bug 1226602 for CVE-2021-47615",
"url": "https://bugzilla.suse.com/1226602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2021-47615"
},
{
"cve": "CVE-2021-47616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: Fix use-after-free in rxe_queue_cleanup\n\nOn error handling path in rxe_qp_from_init() qp-\u003esq.queue is freed and\nthen rxe_create_qp() will drop last reference to this object. qp clean up\nfunction will try to free this queue one time and it causes UAF bug.\n\nFix it by zeroing queue pointer after freeing queue in rxe_qp_from_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47616",
"url": "https://www.suse.com/security/cve/CVE-2021-47616"
},
{
"category": "external",
"summary": "SUSE Bug 1226603 for CVE-2021-47616",
"url": "https://bugzilla.suse.com/1226603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47616"
},
{
"cve": "CVE-2021-47617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: pciehp: Fix infinite loop in IRQ handler upon power fault\n\nThe Power Fault Detected bit in the Slot Status register differs from\nall other hotplug events in that it is sticky: It can only be cleared\nafter turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:\n\n If a power controller detects a main power fault on the hot-plug slot,\n it must automatically set its internal main power fault latch [...].\n The main power fault latch is cleared when software turns off power to\n the hot-plug slot.\n\nThe stickiness used to cause interrupt storms and infinite loops which\nwere fixed in 2009 by commits 5651c48cfafe (\"PCI pciehp: fix power fault\ninterrupt storm problem\") and 99f0169c17f3 (\"PCI: pciehp: enable\nsoftware notification on empty slots\").\n\nUnfortunately in 2020 the infinite loop issue was inadvertently\nreintroduced by commit 8edf5332c393 (\"PCI: pciehp: Fix MSI interrupt\nrace\"): The hardirq handler pciehp_isr() clears the PFD bit until\npciehp\u0027s power_fault_detected flag is set. That happens in the IRQ\nthread pciehp_ist(), which never learns of the event because the hardirq\nhandler is stuck in an infinite loop. Fix by setting the\npower_fault_detected flag already in the hardirq handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47617",
"url": "https://www.suse.com/security/cve/CVE-2021-47617"
},
{
"category": "external",
"summary": "SUSE Bug 1226614 for CVE-2021-47617",
"url": "https://bugzilla.suse.com/1226614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47617"
},
{
"cve": "CVE-2021-47618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9170/1: fix panic when kasan and kprobe are enabled\n\narm32 uses software to simulate the instruction replaced\nby kprobe. some instructions may be simulated by constructing\nassembly functions. therefore, before executing instruction\nsimulation, it is necessary to construct assembly function\nexecution environment in C language through binding registers.\nafter kasan is enabled, the register binding relationship will\nbe destroyed, resulting in instruction simulation errors and\ncausing kernel panic.\n\nthe kprobe emulate instruction function is distributed in three\nfiles: actions-common.c actions-arm.c actions-thumb.c, so disable\nKASAN when compiling these files.\n\nfor example, use kprobe insert on cap_capable+20 after kasan\nenabled, the cap_capable assembly code is as follows:\n\u003ccap_capable\u003e:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne1a05000\tmov\tr5, r0\ne280006c\tadd\tr0, r0, #108 ; 0x6c\ne1a04001\tmov\tr4, r1\ne1a06002\tmov\tr6, r2\ne59fa090\tldr\tsl, [pc, #144] ;\nebfc7bf8\tbl\tc03aa4b4 \u003c__asan_load4\u003e\ne595706c\tldr\tr7, [r5, #108] ; 0x6c\ne2859014\tadd\tr9, r5, #20\n......\nThe emulate_ldr assembly code after enabling kasan is as follows:\nc06f1384 \u003cemulate_ldr\u003e:\ne92d47f0\tpush\t{r4, r5, r6, r7, r8, r9, sl, lr}\ne282803c\tadd\tr8, r2, #60 ; 0x3c\ne1a05000\tmov\tr5, r0\ne7e37855\tubfx\tr7, r5, #16, #4\ne1a00008\tmov\tr0, r8\ne1a09001\tmov\tr9, r1\ne1a04002\tmov\tr4, r2\nebf35462\tbl\tc03c6530 \u003c__asan_load4\u003e\ne357000f\tcmp\tr7, #15\ne7e36655\tubfx\tr6, r5, #12, #4\ne205a00f\tand\tsl, r5, #15\n0a000001\tbeq\tc06f13bc \u003cemulate_ldr+0x38\u003e\ne0840107\tadd\tr0, r4, r7, lsl #2\nebf3545c\tbl\tc03c6530 \u003c__asan_load4\u003e\ne084010a\tadd\tr0, r4, sl, lsl #2\nebf3545a\tbl\tc03c6530 \u003c__asan_load4\u003e\ne2890010\tadd\tr0, r9, #16\nebf35458\tbl\tc03c6530 \u003c__asan_load4\u003e\ne5990010\tldr\tr0, [r9, #16]\ne12fff30\tblx\tr0\ne356000f\tcm\tr6, #15\n1a000014\tbne\tc06f1430 \u003cemulate_ldr+0xac\u003e\ne1a06000\tmov\tr6, r0\ne2840040\tadd\tr0, r4, #64 ; 0x40\n......\n\nwhen running in emulate_ldr to simulate the ldr instruction, panic\noccurred, and the log is as follows:\nUnable to handle kernel NULL pointer dereference at virtual address\n00000090\npgd = ecb46400\n[00000090] *pgd=2e0fa003, *pmd=00000000\nInternal error: Oops: 206 [#1] SMP ARM\nPC is at cap_capable+0x14/0xb0\nLR is at emulate_ldr+0x50/0xc0\npsr: 600d0293 sp : ecd63af8 ip : 00000004 fp : c0a7c30c\nr10: 00000000 r9 : c30897f4 r8 : ecd63cd4\nr7 : 0000000f r6 : 0000000a r5 : e59fa090 r4 : ecd63c98\nr3 : c06ae294 r2 : 00000000 r1 : b7611300 r0 : bf4ec008\nFlags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user\nControl: 32c5387d Table: 2d546400 DAC: 55555555\nProcess bash (pid: 1643, stack limit = 0xecd60190)\n(cap_capable) from (kprobe_handler+0x218/0x340)\n(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)\n(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)\n(do_undefinstr) from (__und_svc_finish+0x0/0x30)\n(__und_svc_finish) from (cap_capable+0x18/0xb0)\n(cap_capable) from (cap_vm_enough_memory+0x38/0x48)\n(cap_vm_enough_memory) from\n(security_vm_enough_memory_mm+0x48/0x6c)\n(security_vm_enough_memory_mm) from\n(copy_process.constprop.5+0x16b4/0x25c8)\n(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)\n(_do_fork) from (SyS_clone+0x1c/0x24)\n(SyS_clone) from (__sys_trace_return+0x0/0x10)\nCode: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47618",
"url": "https://www.suse.com/security/cve/CVE-2021-47618"
},
{
"category": "external",
"summary": "SUSE Bug 1226644 for CVE-2021-47618",
"url": "https://bugzilla.suse.com/1226644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47618"
},
{
"cve": "CVE-2021-47619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix queues reservation for XDP\n\nWhen XDP was configured on a system with large number of CPUs\nand X722 NIC there was a call trace with NULL pointer dereference.\n\ni40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0 err -12\ni40e 0000:87:00.0: setup of MAIN VSI failed\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:i40e_xdp+0xea/0x1b0 [i40e]\nCall Trace:\n? i40e_reconfig_rss_queues+0x130/0x130 [i40e]\ndev_xdp_install+0x61/0xe0\ndev_xdp_attach+0x18a/0x4c0\ndev_change_xdp_fd+0x1e6/0x220\ndo_setlink+0x616/0x1030\n? ahci_port_stop+0x80/0x80\n? ata_qc_issue+0x107/0x1e0\n? lock_timer_base+0x61/0x80\n? __mod_timer+0x202/0x380\nrtnl_setlink+0xe5/0x170\n? bpf_lsm_binder_transaction+0x10/0x10\n? security_capable+0x36/0x50\nrtnetlink_rcv_msg+0x121/0x350\n? rtnl_calcit.isra.0+0x100/0x100\nnetlink_rcv_skb+0x50/0xf0\nnetlink_unicast+0x1d3/0x2a0\nnetlink_sendmsg+0x22a/0x440\nsock_sendmsg+0x5e/0x60\n__sys_sendto+0xf0/0x160\n? __sys_getsockname+0x7e/0xc0\n? _copy_from_user+0x3c/0x80\n? __sys_setsockopt+0xc8/0x1a0\n__x64_sys_sendto+0x20/0x30\ndo_syscall_64+0x33/0x40\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f83fa7a39e0\n\nThis was caused by PF queue pile fragmentation due to\nflow director VSI queue being placed right after main VSI.\nBecause of this main VSI was not able to resize its\nqueue allocation for XDP resulting in no queues allocated\nfor main VSI when XDP was turned on.\n\nFix this by always allocating last queue in PF queue pile\nfor a flow director VSI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47619",
"url": "https://www.suse.com/security/cve/CVE-2021-47619"
},
{
"category": "external",
"summary": "SUSE Bug 1226645 for CVE-2021-47619",
"url": "https://bugzilla.suse.com/1226645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47619"
},
{
"cve": "CVE-2021-47620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47620"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: refactor malicious adv data check\n\nCheck for out-of-bound read was being performed at the end of while\nnum_reports loop, and would fill journal with false positives. Added\ncheck to beginning of loop processing so that it doesn\u0027t get checked\nafter ptr has been advanced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47620",
"url": "https://www.suse.com/security/cve/CVE-2021-47620"
},
{
"category": "external",
"summary": "SUSE Bug 1226669 for CVE-2021-47620",
"url": "https://bugzilla.suse.com/1226669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47620"
},
{
"cve": "CVE-2021-47622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved\nrequest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47622",
"url": "https://www.suse.com/security/cve/CVE-2021-47622"
},
{
"category": "external",
"summary": "SUSE Bug 1227917 for CVE-2021-47622",
"url": "https://bugzilla.suse.com/1227917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2021-47622"
},
{
"cve": "CVE-2021-47624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47624"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change\n\nThe refcount leak issues take place in an error handling path. When the\n3rd argument buf doesn\u0027t match with \"offline\", \"online\" or \"remove\", the\nfunction simply returns -EINVAL and forgets to decrease the reference\ncount of a rpc_xprt object and a rpc_xprt_switch object increased by\nrpc_sysfs_xprt_kobj_get_xprt() and\nrpc_sysfs_xprt_kobj_get_xprt_switch(), causing reference count leaks of\nboth unused objects.\n\nFix this issue by jumping to the error handling path labelled with\nout_put when buf matches none of \"offline\", \"online\" or \"remove\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47624",
"url": "https://www.suse.com/security/cve/CVE-2021-47624"
},
{
"category": "external",
"summary": "SUSE Bug 1227920 for CVE-2021-47624",
"url": "https://bugzilla.suse.com/1227920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2021-47624"
},
{
"cve": "CVE-2022-48711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: improve size validations for received domain records\n\nThe function tipc_mon_rcv() allows a node to receive and process\ndomain_record structs from peer nodes to track their views of the\nnetwork topology.\n\nThis patch verifies that the number of members in a received domain\nrecord does not exceed the limit defined by MAX_MON_DOMAIN, something\nthat may otherwise lead to a stack overflow.\n\ntipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where\nwe are reading a 32 bit message data length field into a uint16. To\navert any risk of bit overflow, we add an extra sanity check for this in\nthat function. We cannot see that happen with the current code, but\nfuture designers being unaware of this risk, may introduce it by\nallowing delivery of very large (\u003e 64k) sk buffers from the bearer\nlayer. This potential problem was identified by Eric Dumazet.\n\nThis fixes CVE-2022-0435",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48711",
"url": "https://www.suse.com/security/cve/CVE-2022-48711"
},
{
"category": "external",
"summary": "SUSE Bug 1226672 for CVE-2022-48711",
"url": "https://bugzilla.suse.com/1226672"
},
{
"category": "external",
"summary": "SUSE Bug 1227473 for CVE-2022-48711",
"url": "https://bugzilla.suse.com/1227473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48711"
},
{
"cve": "CVE-2022-48712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix error handling in ext4_fc_record_modified_inode()\n\nCurrent code does not fully takes care of krealloc() error case, which\ncould lead to silent memory corruption or a kernel bug. This patch\nfixes that.\n\nAlso it cleans up some duplicated error handling logic from various\nfunctions in fast_commit.c file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48712",
"url": "https://www.suse.com/security/cve/CVE-2022-48712"
},
{
"category": "external",
"summary": "SUSE Bug 1226673 for CVE-2022-48712",
"url": "https://bugzilla.suse.com/1226673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48712"
},
{
"cve": "CVE-2022-48713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/pt: Fix crash with stop filters in single-range mode\n\nAdd a check for !buf-\u003esingle before calling pt_buffer_region_size in a\nplace where a missing check can cause a kernel crash.\n\nFixes a bug introduced by commit 670638477aed (\"perf/x86/intel/pt:\nOpportunistically use single range output mode\"), which added a\nsupport for PT single-range output mode. Since that commit if a PT\nstop filter range is hit while tracing, the kernel will crash because\nof a null pointer dereference in pt_handle_status due to calling\npt_buffer_region_size without a ToPA configured.\n\nThe commit which introduced single-range mode guarded almost all uses of\nthe ToPA buffer variables with checks of the buf-\u003esingle variable, but\nmissed the case where tracing was stopped by the PT hardware, which\nhappens when execution hits a configured stop filter.\n\nTested that hitting a stop filter while PT recording successfully\nrecords a trace with this patch but crashes without this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48713",
"url": "https://www.suse.com/security/cve/CVE-2022-48713"
},
{
"category": "external",
"summary": "SUSE Bug 1227549 for CVE-2022-48713",
"url": "https://bugzilla.suse.com/1227549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48713"
},
{
"cve": "CVE-2022-48715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Make bnx2fc_recv_frame() mp safe\n\nRunning tests with a debug kernel shows that bnx2fc_recv_frame() is\nmodifying the per_cpu lport stats counters in a non-mpsafe way. Just boot\na debug kernel and run the bnx2fc driver with the hardware enabled.\n\n[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_\n[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]\n[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B\n[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013\n[ 1391.699183] Call Trace:\n[ 1391.699188] dump_stack_lvl+0x57/0x7d\n[ 1391.699198] check_preemption_disabled+0xc8/0xd0\n[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]\n[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180\n[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]\n[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]\n[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]\n[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]\n[ 1391.699258] kthread+0x364/0x420\n[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50\n[ 1391.699268] ? set_kthread_struct+0x100/0x100\n[ 1391.699273] ret_from_fork+0x22/0x30\n\nRestore the old get_cpu/put_cpu code with some modifications to reduce the\nsize of the critical section.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48715",
"url": "https://www.suse.com/security/cve/CVE-2022-48715"
},
{
"category": "external",
"summary": "SUSE Bug 1226621 for CVE-2022-48715",
"url": "https://bugzilla.suse.com/1226621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2022-48715"
},
{
"cve": "CVE-2022-48717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: max9759: fix underflow in speaker_gain_control_put()\n\nCheck for negative values of \"priv-\u003egain\" to prevent an out of bounds\naccess. The concern is that these might come from the user via:\n -\u003e snd_ctl_elem_write_user()\n -\u003e snd_ctl_elem_write()\n -\u003e kctl-\u003eput()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48717",
"url": "https://www.suse.com/security/cve/CVE-2022-48717"
},
{
"category": "external",
"summary": "SUSE Bug 1226679 for CVE-2022-48717",
"url": "https://bugzilla.suse.com/1226679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48717"
},
{
"cve": "CVE-2022-48720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macsec: Fix offload support for NETDEV_UNREGISTER event\n\nCurrent macsec netdev notify handler handles NETDEV_UNREGISTER event by\nreleasing relevant SW resources only, this causes resources leak in case\nof macsec HW offload, as the underlay driver was not notified to clean\nit\u0027s macsec offload resources.\n\nFix by calling the underlay driver to clean it\u0027s relevant resources\nby moving offload handling from macsec_dellink() to macsec_common_dellink()\nwhen handling NETDEV_UNREGISTER event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48720",
"url": "https://www.suse.com/security/cve/CVE-2022-48720"
},
{
"category": "external",
"summary": "SUSE Bug 1226683 for CVE-2022-48720",
"url": "https://bugzilla.suse.com/1226683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2022-48720"
},
{
"cve": "CVE-2022-48721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Forward wakeup to smc socket waitqueue after fallback\n\nWhen we replace TCP with SMC and a fallback occurs, there may be\nsome socket waitqueue entries remaining in smc socket-\u003ewq, such\nas eppoll_entries inserted by userspace applications.\n\nAfter the fallback, data flows over TCP/IP and only clcsocket-\u003ewq\nwill be woken up. Applications can\u0027t be notified by the entries\nwhich were inserted in smc socket-\u003ewq before fallback. So we need\na mechanism to wake up smc socket-\u003ewq at the same time if some\nentries remaining in it.\n\nThe current workaround is to transfer the entries from smc socket-\u003ewq\nto clcsock-\u003ewq during the fallback. But this may cause a crash\nlike this:\n\n general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP PTI\n CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Tainted: G E 5.16.0+ #107\n RIP: 0010:__wake_up_common+0x65/0x170\n Call Trace:\n \u003cIRQ\u003e\n __wake_up_common_lock+0x7a/0xc0\n sock_def_readable+0x3c/0x70\n tcp_data_queue+0x4a7/0xc40\n tcp_rcv_established+0x32f/0x660\n ? sk_filter_trim_cap+0xcb/0x2e0\n tcp_v4_do_rcv+0x10b/0x260\n tcp_v4_rcv+0xd2a/0xde0\n ip_protocol_deliver_rcu+0x3b/0x1d0\n ip_local_deliver_finish+0x54/0x60\n ip_local_deliver+0x6a/0x110\n ? tcp_v4_early_demux+0xa2/0x140\n ? tcp_v4_early_demux+0x10d/0x140\n ip_sublist_rcv_finish+0x49/0x60\n ip_sublist_rcv+0x19d/0x230\n ip_list_rcv+0x13e/0x170\n __netif_receive_skb_list_core+0x1c2/0x240\n netif_receive_skb_list_internal+0x1e6/0x320\n napi_complete_done+0x11d/0x190\n mlx5e_napi_poll+0x163/0x6b0 [mlx5_core]\n __napi_poll+0x3c/0x1b0\n net_rx_action+0x27c/0x300\n __do_softirq+0x114/0x2d2\n irq_exit_rcu+0xb4/0xe0\n common_interrupt+0xba/0xe0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n\nThe crash is caused by privately transferring waitqueue entries from\nsmc socket-\u003ewq to clcsock-\u003ewq. The owners of these entries, such as\nepoll, have no idea that the entries have been transferred to a\ndifferent socket wait queue and still use original waitqueue spinlock\n(smc socket-\u003ewq.wait.lock) to make the entries operation exclusive,\nbut it doesn\u0027t work. The operations to the entries, such as removing\nfrom the waitqueue (now is clcsock-\u003ewq after fallback), may cause a\ncrash when clcsock waitqueue is being iterated over at the moment.\n\nThis patch tries to fix this by no longer transferring wait queue\nentries privately, but introducing own implementations of clcsock\u0027s\ncallback functions in fallback situation. The callback functions will\nforward the wakeup to smc socket-\u003ewq if clcsock-\u003ewq is actually woken\nup and smc socket-\u003ewq has remaining entries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48721",
"url": "https://www.suse.com/security/cve/CVE-2022-48721"
},
{
"category": "external",
"summary": "SUSE Bug 1226685 for CVE-2022-48721",
"url": "https://bugzilla.suse.com/1226685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48721"
},
{
"cve": "CVE-2022-48722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: ca8210: Stop leaking skb\u0027s\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. We then leak the skb\nstructure.\n\nFree the skb structure upon error before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48722",
"url": "https://www.suse.com/security/cve/CVE-2022-48722"
},
{
"category": "external",
"summary": "SUSE Bug 1226619 for CVE-2022-48722",
"url": "https://bugzilla.suse.com/1226619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48722"
},
{
"cve": "CVE-2022-48723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: uniphier: fix reference count leak in uniphier_spi_probe()\n\nThe issue happens in several error paths in uniphier_spi_probe().\nWhen either dma_get_slave_caps() or devm_spi_register_master() returns\nan error code, the function forgets to decrease the refcount of both\n`dma_rx` and `dma_tx` objects, which may lead to refcount leaks.\n\nFix it by decrementing the reference count of specific objects in\nthose error paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48723",
"url": "https://www.suse.com/security/cve/CVE-2022-48723"
},
{
"category": "external",
"summary": "SUSE Bug 1226617 for CVE-2022-48723",
"url": "https://bugzilla.suse.com/1226617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48723"
},
{
"cve": "CVE-2022-48724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()\n\nAfter commit e3beca48a45b (\"irqdomain/treewide: Keep firmware node\nunconditionally allocated\"). For tear down scenario, fn is only freed\nafter fail to allocate ir_domain, though it also should be freed in case\ndmar_enable_qi returns error.\n\nBesides free fn, irq_domain and ir_msi_domain need to be removed as well\nif intel_setup_irq_remapping fails to enable queued invalidation.\n\nImprove the rewinding path by add out_free_ir_domain and out_free_fwnode\nlables per Baolu\u0027s suggestion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48724",
"url": "https://www.suse.com/security/cve/CVE-2022-48724"
},
{
"category": "external",
"summary": "SUSE Bug 1226624 for CVE-2022-48724",
"url": "https://bugzilla.suse.com/1226624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48724"
},
{
"cve": "CVE-2022-48725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix refcounting leak in siw_create_qp()\n\nThe atomic_inc() needs to be paired with an atomic_dec() on the error\npath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48725",
"url": "https://www.suse.com/security/cve/CVE-2022-48725"
},
{
"category": "external",
"summary": "SUSE Bug 1226618 for CVE-2022-48725",
"url": "https://bugzilla.suse.com/1226618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48725"
},
{
"cve": "CVE-2022-48726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ucma: Protect mc during concurrent multicast leaves\n\nPartially revert the commit mentioned in the Fixes line to make sure that\nallocation and erasing multicast struct are locked.\n\n BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline]\n BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579\n Read of size 8 at addr ffff88801bb74b00 by task syz-executor.1/25529\n CPU: 0 PID: 25529 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n Call Trace:\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline]\n ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579\n ucma_destroy_id+0x1e6/0x280 drivers/infiniband/core/ucma.c:614\n ucma_write+0x25c/0x350 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x28e/0xae0 fs/read_write.c:588\n ksys_write+0x1ee/0x250 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nCurrently the xarray search can touch a concurrently freeing mc as the\nxa_for_each() is not surrounded by any lock. Rather than hold the lock for\na full scan hold it only for the effected items, which is usually an empty\nlist.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48726",
"url": "https://www.suse.com/security/cve/CVE-2022-48726"
},
{
"category": "external",
"summary": "SUSE Bug 1226686 for CVE-2022-48726",
"url": "https://bugzilla.suse.com/1226686"
},
{
"category": "external",
"summary": "SUSE Bug 1227552 for CVE-2022-48726",
"url": "https://bugzilla.suse.com/1227552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48726"
},
{
"cve": "CVE-2022-48727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Avoid consuming a stale esr value when SError occur\n\nWhen any exception other than an IRQ occurs, the CPU updates the ESR_EL2\nregister with the exception syndrome. An SError may also become pending,\nand will be synchronised by KVM. KVM notes the exception type, and whether\nan SError was synchronised in exit_code.\n\nWhen an exception other than an IRQ occurs, fixup_guest_exit() updates\nvcpu-\u003earch.fault.esr_el2 from the hardware register. When an SError was\nsynchronised, the vcpu esr value is used to determine if the exception\nwas due to an HVC. If so, ELR_EL2 is moved back one instruction. This\nis so that KVM can process the SError first, and re-execute the HVC if\nthe guest survives the SError.\n\nBut if an IRQ synchronises an SError, the vcpu\u0027s esr value is stale.\nIf the previous non-IRQ exception was an HVC, KVM will corrupt ELR_EL2,\ncausing an unrelated guest instruction to be executed twice.\n\nCheck ARM_EXCEPTION_CODE() before messing with ELR_EL2, IRQs don\u0027t\nupdate this register so don\u0027t need to check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48727",
"url": "https://www.suse.com/security/cve/CVE-2022-48727"
},
{
"category": "external",
"summary": "SUSE Bug 1226690 for CVE-2022-48727",
"url": "https://bugzilla.suse.com/1226690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48727"
},
{
"cve": "CVE-2022-48728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix AIP early init panic\n\nAn early failure in hfi1_ipoib_setup_rn() can lead to the following panic:\n\n BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n Workqueue: events work_for_cpu_fn\n RIP: 0010:try_to_grab_pending+0x2b/0x140\n Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 \u003cf0\u003e 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c\n RSP: 0018:ffffb6b3cf7cfa48 EFLAGS: 00010046\n RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000\n RDX: 0000000000000246 RSI: 0000000000000000 RDI: 00000000000001b0\n RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001\n R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000\n R13: ffffb6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690\n FS: 0000000000000000(0000) GS:ffff8a527f400000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000001b0 CR3: 00000017e2410003 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __cancel_work_timer+0x42/0x190\n ? dev_printk_emit+0x4e/0x70\n iowait_cancel_work+0x15/0x30 [hfi1]\n hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1]\n ? dev_err+0x6c/0x90\n hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1]\n hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1]\n rdma_init_netdev+0x5a/0x80 [ib_core]\n ? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1]\n ipoib_intf_init+0x6c/0x350 [ib_ipoib]\n ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib]\n ipoib_add_one+0xbe/0x300 [ib_ipoib]\n add_client_context+0x12c/0x1a0 [ib_core]\n enable_device_and_get+0xdc/0x1d0 [ib_core]\n ib_register_device+0x572/0x6b0 [ib_core]\n rvt_register_device+0x11b/0x220 [rdmavt]\n hfi1_register_ib_device+0x6b4/0x770 [hfi1]\n do_init_one.isra.20+0x3e3/0x680 [hfi1]\n local_pci_probe+0x41/0x90\n work_for_cpu_fn+0x16/0x20\n process_one_work+0x1a7/0x360\n ? create_worker+0x1a0/0x1a0\n worker_thread+0x1cf/0x390\n ? create_worker+0x1a0/0x1a0\n kthread+0x116/0x130\n ? kthread_flush_work_fn+0x10/0x10\n ret_from_fork+0x1f/0x40\n\nThe panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL\nderef when hfi1_ipoib_netdev_dtor() is called in this error case.\n\nhfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so\nfix by adjusting the error paths accordingly.\n\nOther changes:\n- hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev()\n since the netdev core code deletes calls free_netdev()\n- The switch to the accelerated entrances is moved to the success path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48728",
"url": "https://www.suse.com/security/cve/CVE-2022-48728"
},
{
"category": "external",
"summary": "SUSE Bug 1226691 for CVE-2022-48728",
"url": "https://bugzilla.suse.com/1226691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48728"
},
{
"cve": "CVE-2022-48729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix panic with larger ipoib send_queue_size\n\nWhen the ipoib send_queue_size is increased from the default the following\npanic happens:\n\n RIP: 0010:hfi1_ipoib_drain_tx_ring+0x45/0xf0 [hfi1]\n Code: 31 e4 eb 0f 8b 85 c8 02 00 00 41 83 c4 01 44 39 e0 76 60 8b 8d cc 02 00 00 44 89 e3 be 01 00 00 00 d3 e3 48 03 9d c0 02 00 00 \u003cc7\u003e 83 18 01 00 00 00 00 00 00 48 8b bb 30 01 00 00 e8 25 af a7 e0\n RSP: 0018:ffffc9000798f4a0 EFLAGS: 00010286\n RAX: 0000000000008000 RBX: ffffc9000aa0f000 RCX: 000000000000000f\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\n RBP: ffff88810ff08000 R08: ffff88889476d900 R09: 0000000000000101\n R10: 0000000000000000 R11: ffffc90006590ff8 R12: 0000000000000200\n R13: ffffc9000798fba8 R14: 0000000000000000 R15: 0000000000000001\n FS: 00007fd0f79cc3c0(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffc9000aa0f118 CR3: 0000000889c84001 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n hfi1_ipoib_napi_tx_disable+0x45/0x60 [hfi1]\n hfi1_ipoib_dev_stop+0x18/0x80 [hfi1]\n ipoib_ib_dev_stop+0x1d/0x40 [ib_ipoib]\n ipoib_stop+0x48/0xc0 [ib_ipoib]\n __dev_close_many+0x9e/0x110\n __dev_change_flags+0xd9/0x210\n dev_change_flags+0x21/0x60\n do_setlink+0x31c/0x10f0\n ? __nla_validate_parse+0x12d/0x1a0\n ? __nla_parse+0x21/0x30\n ? inet6_validate_link_af+0x5e/0xf0\n ? cpumask_next+0x1f/0x20\n ? __snmp6_fill_stats64.isra.53+0xbb/0x140\n ? __nla_validate_parse+0x47/0x1a0\n __rtnl_newlink+0x530/0x910\n ? pskb_expand_head+0x73/0x300\n ? __kmalloc_node_track_caller+0x109/0x280\n ? __nla_put+0xc/0x20\n ? cpumask_next_and+0x20/0x30\n ? update_sd_lb_stats.constprop.144+0xd3/0x820\n ? _raw_spin_unlock_irqrestore+0x25/0x37\n ? __wake_up_common_lock+0x87/0xc0\n ? kmem_cache_alloc_trace+0x3d/0x3d0\n rtnl_newlink+0x43/0x60\n\nThe issue happens when the shift that should have been a function of the\ntxq item size mistakenly used the ring size.\n\nFix by using the item size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48729",
"url": "https://www.suse.com/security/cve/CVE-2022-48729"
},
{
"category": "external",
"summary": "SUSE Bug 1226710 for CVE-2022-48729",
"url": "https://bugzilla.suse.com/1226710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48729"
},
{
"cve": "CVE-2022-48730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix potential spectre v1 gadget\n\nIt appears like nr could be a Spectre v1 gadget as it\u0027s supplied by a\nuser and used as an array index. Prevent the contents\nof kernel memory from being leaked to userspace via speculative\nexecution by using array_index_nospec.\n\n [sumits: added fixes and cc: stable tags]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48730",
"url": "https://www.suse.com/security/cve/CVE-2022-48730"
},
{
"category": "external",
"summary": "SUSE Bug 1226713 for CVE-2022-48730",
"url": "https://bugzilla.suse.com/1226713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48730"
},
{
"cve": "CVE-2022-48732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix off by one in BIOS boundary checking\n\nBounds checking when parsing init scripts embedded in the BIOS reject\naccess to the last byte. This causes driver initialization to fail on\nApple eMac\u0027s with GeForce 2 MX GPUs, leaving the system with no working\nconsole.\n\nThis is probably only seen on OpenFirmware machines like PowerPC Macs\nbecause the BIOS image provided by OF is only the used parts of the ROM,\nnot a power-of-two blocks read from PCI directly so PCs always have\nempty bytes at the end that are never accessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48732",
"url": "https://www.suse.com/security/cve/CVE-2022-48732"
},
{
"category": "external",
"summary": "SUSE Bug 1226716 for CVE-2022-48732",
"url": "https://bugzilla.suse.com/1226716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48732"
},
{
"cve": "CVE-2022-48734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock between quota disable and qgroup rescan worker\n\nQuota disable ioctl starts a transaction before waiting for the qgroup\nrescan worker completes. However, this wait can be infinite and results\nin deadlock because of circular dependency among the quota disable\nioctl, the qgroup rescan worker and the other task with transaction such\nas block group relocation task.\n\nThe deadlock happens with the steps following:\n\n1) Task A calls ioctl to disable quota. It starts a transaction and\n waits for qgroup rescan worker completes.\n2) Task B such as block group relocation task starts a transaction and\n joins to the transaction that task A started. Then task B commits to\n the transaction. In this commit, task B waits for a commit by task A.\n3) Task C as the qgroup rescan worker starts its job and starts a\n transaction. In this transaction start, task C waits for completion\n of the transaction that task A started and task B committed.\n\nThis deadlock was found with fstests test case btrfs/115 and a zoned\nnull_blk device. The test case enables and disables quota, and the\nblock group reclaim was triggered during the quota disable by chance.\nThe deadlock was also observed by running quota enable and disable in\nparallel with \u0027btrfs balance\u0027 command on regular null_blk devices.\n\nAn example report of the deadlock:\n\n [372.469894] INFO: task kworker/u16:6:103 blocked for more than 122 seconds.\n [372.479944] Not tainted 5.16.0-rc8 #7\n [372.485067] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [372.493898] task:kworker/u16:6 state:D stack: 0 pid: 103 ppid: 2 flags:0x00004000\n [372.503285] Workqueue: btrfs-qgroup-rescan btrfs_work_helper [btrfs]\n [372.510782] Call Trace:\n [372.514092] \u003cTASK\u003e\n [372.521684] __schedule+0xb56/0x4850\n [372.530104] ? io_schedule_timeout+0x190/0x190\n [372.538842] ? lockdep_hardirqs_on+0x7e/0x100\n [372.547092] ? _raw_spin_unlock_irqrestore+0x3e/0x60\n [372.555591] schedule+0xe0/0x270\n [372.561894] btrfs_commit_transaction+0x18bb/0x2610 [btrfs]\n [372.570506] ? btrfs_apply_pending_changes+0x50/0x50 [btrfs]\n [372.578875] ? free_unref_page+0x3f2/0x650\n [372.585484] ? finish_wait+0x270/0x270\n [372.591594] ? release_extent_buffer+0x224/0x420 [btrfs]\n [372.599264] btrfs_qgroup_rescan_worker+0xc13/0x10c0 [btrfs]\n [372.607157] ? lock_release+0x3a9/0x6d0\n [372.613054] ? btrfs_qgroup_account_extent+0xda0/0xda0 [btrfs]\n [372.620960] ? do_raw_spin_lock+0x11e/0x250\n [372.627137] ? rwlock_bug.part.0+0x90/0x90\n [372.633215] ? lock_is_held_type+0xe4/0x140\n [372.639404] btrfs_work_helper+0x1ae/0xa90 [btrfs]\n [372.646268] process_one_work+0x7e9/0x1320\n [372.652321] ? lock_release+0x6d0/0x6d0\n [372.658081] ? pwq_dec_nr_in_flight+0x230/0x230\n [372.664513] ? rwlock_bug.part.0+0x90/0x90\n [372.670529] worker_thread+0x59e/0xf90\n [372.676172] ? process_one_work+0x1320/0x1320\n [372.682440] kthread+0x3b9/0x490\n [372.687550] ? _raw_spin_unlock_irq+0x24/0x50\n [372.693811] ? set_kthread_struct+0x100/0x100\n [372.700052] ret_from_fork+0x22/0x30\n [372.705517] \u003c/TASK\u003e\n [372.709747] INFO: task btrfs-transacti:2347 blocked for more than 123 seconds.\n [372.729827] Not tainted 5.16.0-rc8 #7\n [372.745907] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [372.767106] task:btrfs-transacti state:D stack: 0 pid: 2347 ppid: 2 flags:0x00004000\n [372.787776] Call Trace:\n [372.801652] \u003cTASK\u003e\n [372.812961] __schedule+0xb56/0x4850\n [372.830011] ? io_schedule_timeout+0x190/0x190\n [372.852547] ? lockdep_hardirqs_on+0x7e/0x100\n [372.871761] ? _raw_spin_unlock_irqrestore+0x3e/0x60\n [372.886792] schedule+0xe0/0x270\n [372.901685] wait_current_trans+0x22c/0x310 [btrfs]\n [372.919743] ? btrfs_put_transaction+0x3d0/0x3d0 [btrfs]\n [372.938923] ? finish_wait+0x270/0x270\n [372.959085] ? join_transaction+0xc7\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48734",
"url": "https://www.suse.com/security/cve/CVE-2022-48734"
},
{
"category": "external",
"summary": "SUSE Bug 1226626 for CVE-2022-48734",
"url": "https://bugzilla.suse.com/1226626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48734"
},
{
"cve": "CVE-2022-48735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix UAF of leds class devs at unbinding\n\nThe LED class devices that are created by HD-audio codec drivers are\nregistered via devm_led_classdev_register() and associated with the\nHD-audio codec device. Unfortunately, it turned out that the devres\nrelease doesn\u0027t work for this case; namely, since the codec resource\nrelease happens before the devm call chain, it triggers a NULL\ndereference or a UAF for a stale set_brightness_delay callback.\n\nFor fixing the bug, this patch changes the LED class device register\nand unregister in a manual manner without devres, keeping the\ninstances in hda_gen_spec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48735",
"url": "https://www.suse.com/security/cve/CVE-2022-48735"
},
{
"category": "external",
"summary": "SUSE Bug 1226719 for CVE-2022-48735",
"url": "https://bugzilla.suse.com/1226719"
},
{
"category": "external",
"summary": "SUSE Bug 1227438 for CVE-2022-48735",
"url": "https://bugzilla.suse.com/1227438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48735"
},
{
"cve": "CVE-2022-48736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48736"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48736",
"url": "https://www.suse.com/security/cve/CVE-2022-48736"
},
{
"category": "external",
"summary": "SUSE Bug 1226721 for CVE-2022-48736",
"url": "https://bugzilla.suse.com/1226721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48736"
},
{
"cve": "CVE-2022-48737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48737"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48737",
"url": "https://www.suse.com/security/cve/CVE-2022-48737"
},
{
"category": "external",
"summary": "SUSE Bug 1226762 for CVE-2022-48737",
"url": "https://bugzilla.suse.com/1226762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48737"
},
{
"cve": "CVE-2022-48738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Reject out of bounds values in snd_soc_put_volsw()\n\nWe don\u0027t currently validate that the values being set are within the range\nwe advertised to userspace as being valid, do so and reject any values\nthat are out of range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48738",
"url": "https://www.suse.com/security/cve/CVE-2022-48738"
},
{
"category": "external",
"summary": "SUSE Bug 1226674 for CVE-2022-48738",
"url": "https://bugzilla.suse.com/1226674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48738"
},
{
"cve": "CVE-2022-48739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: hdmi-codec: Fix OOB memory accesses\n\nCorrect size of iec_status array by changing it to the size of status\narray of the struct snd_aes_iec958. This fixes out-of-bounds slab\nread accesses made by memcpy() of the hdmi-codec driver. This problem\nis reported by KASAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48739",
"url": "https://www.suse.com/security/cve/CVE-2022-48739"
},
{
"category": "external",
"summary": "SUSE Bug 1226675 for CVE-2022-48739",
"url": "https://bugzilla.suse.com/1226675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48739"
},
{
"cve": "CVE-2022-48740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48740"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix double free of cond_list on error paths\n\nOn error path from cond_read_list() and duplicate_policydb_cond_list()\nthe cond_list_destroy() gets called a second time in caller functions,\nresulting in NULL pointer deref. Fix this by resetting the\ncond_list_len to 0 in cond_list_destroy(), making subsequent calls a\nnoop.\n\nAlso consistently reset the cond_list pointer to NULL after freeing.\n\n[PM: fix line lengths in the description]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48740",
"url": "https://www.suse.com/security/cve/CVE-2022-48740"
},
{
"category": "external",
"summary": "SUSE Bug 1226699 for CVE-2022-48740",
"url": "https://bugzilla.suse.com/1226699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48740"
},
{
"cve": "CVE-2022-48743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: amd-xgbe: Fix skb data length underflow\n\nThere will be BUG_ON() triggered in include/linux/skbuff.h leading to\nintermittent kernel panic, when the skb length underflow is detected.\n\nFix this by dropping the packet if such length underflows are seen\nbecause of inconsistencies in the hardware descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48743",
"url": "https://www.suse.com/security/cve/CVE-2022-48743"
},
{
"category": "external",
"summary": "SUSE Bug 1226705 for CVE-2022-48743",
"url": "https://bugzilla.suse.com/1226705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48743"
},
{
"cve": "CVE-2022-48744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid field-overflowing memcpy()\n\nIn preparation for FORTIFY_SOURCE performing compile-time and run-time\nfield bounds checking for memcpy(), memmove(), and memset(), avoid\nintentionally writing across neighboring fields.\n\nUse flexible arrays instead of zero-element arrays (which look like they\nare always overflowing) and split the cross-field memcpy() into two halves\nthat can be appropriately bounds-checked by the compiler.\n\nWe were doing:\n\n\t#define ETH_HLEN 14\n\t#define VLAN_HLEN 4\n\t...\n\t#define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN)\n\t...\n struct mlx5e_tx_wqe *wqe = mlx5_wq_cyc_get_wqe(wq, pi);\n\t...\n struct mlx5_wqe_eth_seg *eseg = \u0026wqe-\u003eeth;\n struct mlx5_wqe_data_seg *dseg = wqe-\u003edata;\n\t...\n\tmemcpy(eseg-\u003einline_hdr.start, xdptxd-\u003edata, MLX5E_XDP_MIN_INLINE);\n\ntarget is wqe-\u003eeth.inline_hdr.start (which the compiler sees as being\n2 bytes in size), but copying 18, intending to write across start\n(really vlan_tci, 2 bytes). The remaining 16 bytes get written into\nwqe-\u003edata[0], covering byte_count (4 bytes), lkey (4 bytes), and addr\n(8 bytes).\n\nstruct mlx5e_tx_wqe {\n struct mlx5_wqe_ctrl_seg ctrl; /* 0 16 */\n struct mlx5_wqe_eth_seg eth; /* 16 16 */\n struct mlx5_wqe_data_seg data[]; /* 32 0 */\n\n /* size: 32, cachelines: 1, members: 3 */\n /* last cacheline: 32 bytes */\n};\n\nstruct mlx5_wqe_eth_seg {\n u8 swp_outer_l4_offset; /* 0 1 */\n u8 swp_outer_l3_offset; /* 1 1 */\n u8 swp_inner_l4_offset; /* 2 1 */\n u8 swp_inner_l3_offset; /* 3 1 */\n u8 cs_flags; /* 4 1 */\n u8 swp_flags; /* 5 1 */\n __be16 mss; /* 6 2 */\n __be32 flow_table_metadata; /* 8 4 */\n union {\n struct {\n __be16 sz; /* 12 2 */\n u8 start[2]; /* 14 2 */\n } inline_hdr; /* 12 4 */\n struct {\n __be16 type; /* 12 2 */\n __be16 vlan_tci; /* 14 2 */\n } insert; /* 12 4 */\n __be32 trailer; /* 12 4 */\n }; /* 12 4 */\n\n /* size: 16, cachelines: 1, members: 9 */\n /* last cacheline: 16 bytes */\n};\n\nstruct mlx5_wqe_data_seg {\n __be32 byte_count; /* 0 4 */\n __be32 lkey; /* 4 4 */\n __be64 addr; /* 8 8 */\n\n /* size: 16, cachelines: 1, members: 3 */\n /* last cacheline: 16 bytes */\n};\n\nSo, split the memcpy() so the compiler can reason about the buffer\nsizes.\n\n\"pahole\" shows no size nor member offset changes to struct mlx5e_tx_wqe\nnor struct mlx5e_umr_wqe. \"objdump -d\" shows no meaningful object\ncode changes (i.e. only source line number induced differences and\noptimizations).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48744",
"url": "https://www.suse.com/security/cve/CVE-2022-48744"
},
{
"category": "external",
"summary": "SUSE Bug 1226696 for CVE-2022-48744",
"url": "https://bugzilla.suse.com/1226696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48744"
},
{
"cve": "CVE-2022-48745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use del_timer_sync in fw reset flow of halting poll\n\nSubstitute del_timer() with del_timer_sync() in fw reset polling\ndeactivation flow, in order to prevent a race condition which occurs\nwhen del_timer() is called and timer is deactivated while another\nprocess is handling the timer interrupt. A situation that led to\nthe following call trace:\n\tRIP: 0010:run_timer_softirq+0x137/0x420\n\t\u003cIRQ\u003e\n\trecalibrate_cpu_khz+0x10/0x10\n\tktime_get+0x3e/0xa0\n\t? sched_clock_cpu+0xb/0xc0\n\t__do_softirq+0xf5/0x2ea\n\tirq_exit_rcu+0xc1/0xf0\n\tsysvec_apic_timer_interrupt+0x9e/0xc0\n\tasm_sysvec_apic_timer_interrupt+0x12/0x20\n\t\u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48745",
"url": "https://www.suse.com/security/cve/CVE-2022-48745"
},
{
"category": "external",
"summary": "SUSE Bug 1226702 for CVE-2022-48745",
"url": "https://bugzilla.suse.com/1226702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48745"
},
{
"cve": "CVE-2022-48746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix handling of wrong devices during bond netevent\n\nCurrent implementation of bond netevent handler only check if\nthe handled netdev is VF representor and it missing a check if\nthe VF representor is on the same phys device of the bond handling\nthe netevent.\n\nFix by adding the missing check and optimizing the check if\nthe netdev is VF representor so it will not access uninitialized\nprivate data and crashes.\n\nBUG: kernel NULL pointer dereference, address: 000000000000036c\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nWorkqueue: eth3bond0 bond_mii_monitor [bonding]\nRIP: 0010:mlx5e_is_uplink_rep+0xc/0x50 [mlx5_core]\nRSP: 0018:ffff88812d69fd60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881cf800000 RCX: 0000000000000000\nRDX: ffff88812d69fe10 RSI: 000000000000001b RDI: ffff8881cf800880\nRBP: ffff8881cf800000 R08: 00000445cabccf2b R09: 0000000000000008\nR10: 0000000000000004 R11: 0000000000000008 R12: ffff88812d69fe10\nR13: 00000000fffffffe R14: ffff88820c0f9000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff88846fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000036c CR3: 0000000103d80006 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n mlx5e_eswitch_uplink_rep+0x31/0x40 [mlx5_core]\n mlx5e_rep_is_lag_netdev+0x94/0xc0 [mlx5_core]\n mlx5e_rep_esw_bond_netevent+0xeb/0x3d0 [mlx5_core]\n raw_notifier_call_chain+0x41/0x60\n call_netdevice_notifiers_info+0x34/0x80\n netdev_lower_state_changed+0x4e/0xa0\n bond_mii_monitor+0x56b/0x640 [bonding]\n process_one_work+0x1b9/0x390\n worker_thread+0x4d/0x3d0\n ? rescuer_thread+0x350/0x350\n kthread+0x124/0x150\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48746",
"url": "https://www.suse.com/security/cve/CVE-2022-48746"
},
{
"category": "external",
"summary": "SUSE Bug 1226703 for CVE-2022-48746",
"url": "https://bugzilla.suse.com/1226703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48746"
},
{
"cve": "CVE-2022-48747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix wrong offset in bio_truncate()\n\nbio_truncate() clears the buffer outside of last block of bdev, however\ncurrent bio_truncate() is using the wrong offset of page. So it can\nreturn the uninitialized data.\n\nThis happened when both of truncated/corrupted FS and userspace (via\nbdev) are trying to read the last of bdev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48747",
"url": "https://www.suse.com/security/cve/CVE-2022-48747"
},
{
"category": "external",
"summary": "SUSE Bug 1226643 for CVE-2022-48747",
"url": "https://bugzilla.suse.com/1226643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48747"
},
{
"cve": "CVE-2022-48749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48749",
"url": "https://www.suse.com/security/cve/CVE-2022-48749"
},
{
"category": "external",
"summary": "SUSE Bug 1226650 for CVE-2022-48749",
"url": "https://bugzilla.suse.com/1226650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48749"
},
{
"cve": "CVE-2022-48751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Transitional solution for clcsock race issue\n\nWe encountered a crash in smc_setsockopt() and it is caused by\naccessing smc-\u003eclcsock after clcsock was released.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53\n RIP: 0010:smc_setsockopt+0x59/0x280 [smc]\n Call Trace:\n \u003cTASK\u003e\n __sys_setsockopt+0xfc/0x190\n __x64_sys_setsockopt+0x20/0x30\n do_syscall_64+0x34/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f16ba83918e\n \u003c/TASK\u003e\n\nThis patch tries to fix it by holding clcsock_release_lock and\nchecking whether clcsock has already been released before access.\n\nIn case that a crash of the same reason happens in smc_getsockopt()\nor smc_switch_to_fallback(), this patch also checkes smc-\u003eclcsock\nin them too. And the caller of smc_switch_to_fallback() will identify\nwhether fallback succeeds according to the return value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48751",
"url": "https://www.suse.com/security/cve/CVE-2022-48751"
},
{
"category": "external",
"summary": "SUSE Bug 1226653 for CVE-2022-48751",
"url": "https://bugzilla.suse.com/1226653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48751"
},
{
"cve": "CVE-2022-48752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending\n\nRunning selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel\ntriggered below warning:\n\n[ 172.851380] ------------[ cut here ]------------\n[ 172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280\n[ 172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse\n[ 172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2\n[ 172.851451] NIP: c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180\n[ 172.851458] REGS: c000000017687860 TRAP: 0700 Not tainted (5.16.0-rc5-03218-g798527287598)\n[ 172.851465] MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 48004884 XER: 20040000\n[ 172.851482] CFAR: c00000000013d5b4 IRQMASK: 1\n[ 172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004\n[ 172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000\n[ 172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68\n[ 172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000\n[ 172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0\n[ 172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003\n[ 172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600\n[ 172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8\n[ 172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280\n[ 172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280\n[ 172.851565] Call Trace:\n[ 172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable)\n[ 172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60\n[ 172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660\n[ 172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0\n[ 172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140\n[ 172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40\n[ 172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380\n[ 172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268\n\nThe warning indicates that MSR_EE being set(interrupt enabled) when\nthere was an overflown PMC detected. This could happen in\npower_pmu_disable since it runs under interrupt soft disable\ncondition ( local_irq_save ) and not with interrupts hard disabled.\ncommit 2c9ac51b850d (\"powerpc/perf: Fix PMU callbacks to clear\npending PMI before resetting an overflown PMC\") intended to clear\nPMI pending bit in Paca when disabling the PMU. It could happen\nthat PMC gets overflown while code is in power_pmu_disable\ncallback function. Hence add a check to see if PMI pending bit\nis set in Paca before clearing it via clear_pmi_pending.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48752",
"url": "https://www.suse.com/security/cve/CVE-2022-48752"
},
{
"category": "external",
"summary": "SUSE Bug 1226709 for CVE-2022-48752",
"url": "https://bugzilla.suse.com/1226709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48752"
},
{
"cve": "CVE-2022-48754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphylib: fix potential use-after-free\n\nCommit bafbdd527d56 (\"phylib: Add device reset GPIO support\") added call\nto phy_device_reset(phydev) after the put_device() call in phy_detach().\n\nThe comment before the put_device() call says that the phydev might go\naway with put_device().\n\nFix potential use-after-free by calling phy_device_reset() before\nput_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48754",
"url": "https://www.suse.com/security/cve/CVE-2022-48754"
},
{
"category": "external",
"summary": "SUSE Bug 1226692 for CVE-2022-48754",
"url": "https://bugzilla.suse.com/1226692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48754"
},
{
"cve": "CVE-2022-48756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dsi: invalid parameter check in msm_dsi_phy_enable\n\nThe function performs a check on the \"phy\" input parameter, however, it\nis used before the check.\n\nInitialize the \"dev\" variable after the sanity check to avoid a possible\nNULL pointer dereference.\n\nAddresses-Coverity-ID: 1493860 (\"Null pointer dereference\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48756",
"url": "https://www.suse.com/security/cve/CVE-2022-48756"
},
{
"category": "external",
"summary": "SUSE Bug 1226698 for CVE-2022-48756",
"url": "https://bugzilla.suse.com/1226698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48756"
},
{
"cve": "CVE-2022-48758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()\n\nThe bnx2fc_destroy() functions are removing the interface before calling\ndestroy_work. This results multiple WARNings from sysfs_remove_group() as\nthe controller rport device attributes are removed too early.\n\nReplace the fcoe_port\u0027s destroy_work queue. It\u0027s not needed.\n\nThe problem is easily reproducible with the following steps.\n\nExample:\n\n $ dmesg -w \u0026\n $ systemctl enable --now fcoe\n $ fipvlan -s -c ens2f1\n $ fcoeadm -d ens2f1.802\n [ 583.464488] host2: libfc: Link down on port (7500a1)\n [ 583.472651] bnx2fc: 7500a1 - rport not created Yet!!\n [ 583.490468] ------------[ cut here ]------------\n [ 583.538725] sysfs group \u0027power\u0027 not found for kobject \u0027rport-2:0-0\u0027\n [ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80\n [ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio rpcsec_gss_krb5 auth_rpcgss nfsv4 ...\n [ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x86_64 #1\n [ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013\n [ 584.016535] Workqueue: fc_wq_2 fc_rport_final_delete [scsi_transport_fc]\n [ 584.050691] RIP: 0010:sysfs_remove_group+0x6f/0x80\n [ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 ...\n [ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282\n [ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000\n [ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0\n [ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00\n [ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400\n [ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004\n [ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000\n [ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0\n [ 584.454888] Call Trace:\n [ 584.466108] device_del+0xb2/0x3e0\n [ 584.481701] device_unregister+0x13/0x60\n [ 584.501306] bsg_unregister_queue+0x5b/0x80\n [ 584.522029] bsg_remove_queue+0x1c/0x40\n [ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc]\n [ 584.573823] process_one_work+0x1e3/0x3b0\n [ 584.592396] worker_thread+0x50/0x3b0\n [ 584.609256] ? rescuer_thread+0x370/0x370\n [ 584.628877] kthread+0x149/0x170\n [ 584.643673] ? set_kthread_struct+0x40/0x40\n [ 584.662909] ret_from_fork+0x22/0x30\n [ 584.680002] ---[ end trace 53575ecefa942ece ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48758",
"url": "https://www.suse.com/security/cve/CVE-2022-48758"
},
{
"category": "external",
"summary": "SUSE Bug 1226708 for CVE-2022-48758",
"url": "https://bugzilla.suse.com/1226708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48758"
},
{
"cve": "CVE-2022-48759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev\n\nstruct rpmsg_ctrldev contains a struct cdev. The current code frees\nthe rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the\ncdev is a managed object, therefore its release is not predictable\nand the rpmsg_ctrldev could be freed before the cdev is entirely\nreleased, as in the backtrace below.\n\n[ 93.625603] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x7c\n[ 93.636115] WARNING: CPU: 0 PID: 12 at lib/debugobjects.c:488 debug_print_object+0x13c/0x1b0\n[ 93.644799] Modules linked in: veth xt_cgroup xt_MASQUERADE rfcomm algif_hash algif_skcipher af_alg uinput ip6table_nat fuse uvcvideo videobuf2_vmalloc venus_enc venus_dec videobuf2_dma_contig hci_uart btandroid btqca snd_soc_rt5682_i2c bluetooth qcom_spmi_temp_alarm snd_soc_rt5682v\n[ 93.715175] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.163-lockdep #26\n[ 93.723855] Hardware name: Google Lazor (rev3 - 8) with LTE (DT)\n[ 93.730055] Workqueue: events kobject_delayed_cleanup\n[ 93.735271] pstate: 60c00009 (nZCv daif +PAN +UAO)\n[ 93.740216] pc : debug_print_object+0x13c/0x1b0\n[ 93.744890] lr : debug_print_object+0x13c/0x1b0\n[ 93.749555] sp : ffffffacf5bc7940\n[ 93.752978] x29: ffffffacf5bc7940 x28: dfffffd000000000\n[ 93.758448] x27: ffffffacdb11a800 x26: dfffffd000000000\n[ 93.763916] x25: ffffffd0734f856c x24: dfffffd000000000\n[ 93.769389] x23: 0000000000000000 x22: ffffffd0733c35b0\n[ 93.774860] x21: ffffffd0751994a0 x20: ffffffd075ec27c0\n[ 93.780338] x19: ffffffd075199100 x18: 00000000000276e0\n[ 93.785814] x17: 0000000000000000 x16: dfffffd000000000\n[ 93.791291] x15: ffffffffffffffff x14: 6e6968207473696c\n[ 93.796768] x13: 0000000000000000 x12: ffffffd075e2b000\n[ 93.802244] x11: 0000000000000001 x10: 0000000000000000\n[ 93.807723] x9 : d13400dff1921900 x8 : d13400dff1921900\n[ 93.813200] x7 : 0000000000000000 x6 : 0000000000000000\n[ 93.818676] x5 : 0000000000000080 x4 : 0000000000000000\n[ 93.824152] x3 : ffffffd0732a0fa4 x2 : 0000000000000001\n[ 93.829628] x1 : ffffffacf5bc7580 x0 : 0000000000000061\n[ 93.835104] Call trace:\n[ 93.837644] debug_print_object+0x13c/0x1b0\n[ 93.841963] __debug_check_no_obj_freed+0x25c/0x3c0\n[ 93.846987] debug_check_no_obj_freed+0x18/0x20\n[ 93.851669] slab_free_freelist_hook+0xbc/0x1e4\n[ 93.856346] kfree+0xfc/0x2f4\n[ 93.859416] rpmsg_ctrldev_release_device+0x78/0xb8\n[ 93.864445] device_release+0x84/0x168\n[ 93.868310] kobject_cleanup+0x12c/0x298\n[ 93.872356] kobject_delayed_cleanup+0x10/0x18\n[ 93.876948] process_one_work+0x578/0x92c\n[ 93.881086] worker_thread+0x804/0xcf8\n[ 93.884963] kthread+0x2a8/0x314\n[ 93.888303] ret_from_fork+0x10/0x18\n\nThe cdev_device_add/del() API was created to address this issue (see\ncommit \u0027233ed09d7fda (\"chardev: add helper function to register char\ndevs with a struct device\")\u0027), use it instead of cdev add/del().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48759",
"url": "https://www.suse.com/security/cve/CVE-2022-48759"
},
{
"category": "external",
"summary": "SUSE Bug 1226711 for CVE-2022-48759",
"url": "https://bugzilla.suse.com/1226711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48759"
},
{
"cve": "CVE-2022-48760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix hang in usb_kill_urb by adding memory barriers\n\nThe syzbot fuzzer has identified a bug in which processes hang waiting\nfor usb_kill_urb() to return. It turns out the issue is not unlinking\nthe URB; that works just fine. Rather, the problem arises when the\nwakeup notification that the URB has completed is not received.\n\nThe reason is memory-access ordering on SMP systems. In outline form,\nusb_kill_urb() and __usb_hcd_giveback_urb() operating concurrently on\ndifferent CPUs perform the following actions:\n\nCPU 0\t\t\t\t\tCPU 1\n----------------------------\t\t---------------------------------\nusb_kill_urb():\t\t\t\t__usb_hcd_giveback_urb():\n ...\t\t\t\t\t ...\n atomic_inc(\u0026urb-\u003ereject);\t\t atomic_dec(\u0026urb-\u003euse_count);\n ...\t\t\t\t\t ...\n wait_event(usb_kill_urb_queue,\n\tatomic_read(\u0026urb-\u003euse_count) == 0);\n\t\t\t\t\t if (atomic_read(\u0026urb-\u003ereject))\n\t\t\t\t\t\twake_up(\u0026usb_kill_urb_queue);\n\nConfining your attention to urb-\u003ereject and urb-\u003euse_count, you can\nsee that the overall pattern of accesses on CPU 0 is:\n\n\twrite urb-\u003ereject, then read urb-\u003euse_count;\n\nwhereas the overall pattern of accesses on CPU 1 is:\n\n\twrite urb-\u003euse_count, then read urb-\u003ereject.\n\nThis pattern is referred to in memory-model circles as SB (for \"Store\nBuffering\"), and it is well known that without suitable enforcement of\nthe desired order of accesses -- in the form of memory barriers -- it\nis entirely possible for one or both CPUs to execute their reads ahead\nof their writes. The end result will be that sometimes CPU 0 sees the\nold un-decremented value of urb-\u003euse_count while CPU 1 sees the old\nun-incremented value of urb-\u003ereject. Consequently CPU 0 ends up on\nthe wait queue and never gets woken up, leading to the observed hang\nin usb_kill_urb().\n\nThe same pattern of accesses occurs in usb_poison_urb() and the\nfailure pathway of usb_hcd_submit_urb().\n\nThe problem is fixed by adding suitable memory barriers. To provide\nproper memory-access ordering in the SB pattern, a full barrier is\nrequired on both CPUs. The atomic_inc() and atomic_dec() accesses\nthemselves don\u0027t provide any memory ordering, but since they are\npresent, we can use the optimized smp_mb__after_atomic() memory\nbarrier in the various routines to obtain the desired effect.\n\nThis patch adds the necessary memory barriers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48760",
"url": "https://www.suse.com/security/cve/CVE-2022-48760"
},
{
"category": "external",
"summary": "SUSE Bug 1226712 for CVE-2022-48760",
"url": "https://bugzilla.suse.com/1226712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48760"
},
{
"cve": "CVE-2022-48761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci-plat: fix crash when suspend if remote wake enable\n\nCrashed at i.mx8qm platform when suspend if enable remote wakeup\n\nInternal error: synchronous external abort: 96000210 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12\nHardware name: Freescale i.MX8QM MEK (DT)\nWorkqueue: events_unbound async_run_entry_fn\npstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : xhci_disable_hub_port_wake.isra.62+0x60/0xf8\nlr : xhci_disable_hub_port_wake.isra.62+0x34/0xf8\nsp : ffff80001394bbf0\nx29: ffff80001394bbf0 x28: 0000000000000000 x27: ffff00081193b578\nx26: ffff00081193b570 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff00081193a29c x22: 0000000000020001 x21: 0000000000000001\nx20: 0000000000000000 x19: ffff800014e90490 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000002 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000960 x9 : ffff80001394baa0\nx8 : ffff0008145d1780 x7 : ffff0008f95b8e80 x6 : 000000001853b453\nx5 : 0000000000000496 x4 : 0000000000000000 x3 : ffff00081193a29c\nx2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff000814591620\nCall trace:\n xhci_disable_hub_port_wake.isra.62+0x60/0xf8\n xhci_suspend+0x58/0x510\n xhci_plat_suspend+0x50/0x78\n platform_pm_suspend+0x2c/0x78\n dpm_run_callback.isra.25+0x50/0xe8\n __device_suspend+0x108/0x3c0\n\nThe basic flow:\n\t1. run time suspend call xhci_suspend, xhci parent devices gate the clock.\n 2. echo mem \u003e/sys/power/state, system _device_suspend call xhci_suspend\n 3. xhci_suspend call xhci_disable_hub_port_wake, which access register,\n\t but clock already gated by run time suspend.\n\nThis problem was hidden by power domain driver, which call run time resume before it.\n\nBut the below commit remove it and make this issue happen.\n\tcommit c1df456d0f06e (\"PM: domains: Don\u0027t runtime resume devices at genpd_prepare()\")\n\nThis patch call run time resume before suspend to make sure clock is on\nbefore access register.\n\nTesteb-by: Abel Vesa \u003cabel.vesa@nxp.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48761",
"url": "https://www.suse.com/security/cve/CVE-2022-48761"
},
{
"category": "external",
"summary": "SUSE Bug 1226701 for CVE-2022-48761",
"url": "https://bugzilla.suse.com/1226701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48761"
},
{
"cve": "CVE-2022-48763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Forcibly leave nested virt when SMM state is toggled\n\nForcibly leave nested virtualization operation if userspace toggles SMM\nstate via KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If userspace\nforces the vCPU out of SMM while it\u0027s post-VMXON and then injects an SMI,\nvmx_enter_smm() will overwrite vmx-\u003enested.smm.vmxon and end up with both\nvmxon=false and smm.vmxon=false, but all other nVMX state allocated.\n\nDon\u0027t attempt to gracefully handle the transition as (a) most transitions\nare nonsencial, e.g. forcing SMM while L2 is running, (b) there isn\u0027t\nsufficient information to handle all transitions, e.g. SVM wants access\nto the SMRAM save state, and (c) KVM_SET_VCPU_EVENTS must precede\nKVM_SET_NESTED_STATE during state restore as the latter disallows putting\nthe vCPU into L2 if SMM is active, and disallows tagging the vCPU as\nbeing post-VMXON in SMM if SMM is not active.\n\nAbuse of KVM_SET_VCPU_EVENTS manifests as a WARN and memory leak in nVMX\ndue to failure to free vmcs01\u0027s shadow VMCS, but the bug goes far beyond\njust a memory leak, e.g. toggling SMM on while L2 is active puts the vCPU\nin an architecturally impossible state.\n\n WARNING: CPU: 0 PID: 3606 at free_loaded_vmcs arch/x86/kvm/vmx/vmx.c:2665 [inline]\n WARNING: CPU: 0 PID: 3606 at free_loaded_vmcs+0x158/0x1a0 arch/x86/kvm/vmx/vmx.c:2656\n Modules linked in:\n CPU: 1 PID: 3606 Comm: syz-executor725 Not tainted 5.17.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:free_loaded_vmcs arch/x86/kvm/vmx/vmx.c:2665 [inline]\n RIP: 0010:free_loaded_vmcs+0x158/0x1a0 arch/x86/kvm/vmx/vmx.c:2656\n Code: \u003c0f\u003e 0b eb b3 e8 8f 4d 9f 00 e9 f7 fe ff ff 48 89 df e8 92 4d 9f 00\n Call Trace:\n \u003cTASK\u003e\n kvm_arch_vcpu_destroy+0x72/0x2f0 arch/x86/kvm/x86.c:11123\n kvm_vcpu_destroy arch/x86/kvm/../../../virt/kvm/kvm_main.c:441 [inline]\n kvm_destroy_vcpus+0x11f/0x290 arch/x86/kvm/../../../virt/kvm/kvm_main.c:460\n kvm_free_vcpus arch/x86/kvm/x86.c:11564 [inline]\n kvm_arch_destroy_vm+0x2e8/0x470 arch/x86/kvm/x86.c:11676\n kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1217 [inline]\n kvm_put_kvm+0x4fa/0xb00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1250\n kvm_vm_release+0x3f/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1273\n __fput+0x286/0x9f0 fs/file_table.c:311\n task_work_run+0xdd/0x1a0 kernel/task_work.c:164\n exit_task_work include/linux/task_work.h:32 [inline]\n do_exit+0xb29/0x2a30 kernel/exit.c:806\n do_group_exit+0xd2/0x2f0 kernel/exit.c:935\n get_signal+0x4b0/0x28c0 kernel/signal.c:2862\n arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868\n handle_signal_work kernel/entry/common.c:148 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:172 [inline]\n exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207\n __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]\n syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300\n do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48763",
"url": "https://www.suse.com/security/cve/CVE-2022-48763"
},
{
"category": "external",
"summary": "SUSE Bug 1226628 for CVE-2022-48763",
"url": "https://bugzilla.suse.com/1226628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48763"
},
{
"cve": "CVE-2022-48765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: LAPIC: Also cancel preemption timer during SET_LAPIC\n\nThe below warning is splatting during guest reboot.\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5\n RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]\n Call Trace:\n \u003cTASK\u003e\n kvm_vcpu_ioctl+0x279/0x710 [kvm]\n __x64_sys_ioctl+0x83/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fd39797350b\n\nThis can be triggered by not exposing tsc-deadline mode and doing a reboot in\nthe guest. The lapic_shutdown() function which is called in sys_reboot path\nwill not disarm the flying timer, it just masks LVTT. lapic_shutdown() clears\nAPIC state w/ LVT_MASKED and timer-mode bit is 0, this can trigger timer-mode\nswitch between tsc-deadline and oneshot/periodic, which can result in preemption\ntimer be cancelled in apic_update_lvtt(). However, We can\u0027t depend on this when\nnot exposing tsc-deadline mode and oneshot/periodic modes emulated by preemption\ntimer. Qemu will synchronise states around reset, let\u0027s cancel preemption timer\nunder KVM_SET_LAPIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48765",
"url": "https://www.suse.com/security/cve/CVE-2022-48765"
},
{
"category": "external",
"summary": "SUSE Bug 1226697 for CVE-2022-48765",
"url": "https://bugzilla.suse.com/1226697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48765"
},
{
"cve": "CVE-2022-48767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: properly put ceph_string reference after async create attempt\n\nThe reference acquired by try_prep_async_create is currently leaked.\nEnsure we put it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48767",
"url": "https://www.suse.com/security/cve/CVE-2022-48767"
},
{
"category": "external",
"summary": "SUSE Bug 1226715 for CVE-2022-48767",
"url": "https://bugzilla.suse.com/1226715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48767"
},
{
"cve": "CVE-2022-48768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48768"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histogram: Fix a potential memory leak for kstrdup()\n\nkfree() is missing on an error path to free the memory allocated by\nkstrdup():\n\n p = param = kstrdup(data-\u003eparams[i], GFP_KERNEL);\n\nSo it is better to free it via kfree(p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48768",
"url": "https://www.suse.com/security/cve/CVE-2022-48768"
},
{
"category": "external",
"summary": "SUSE Bug 1226720 for CVE-2022-48768",
"url": "https://bugzilla.suse.com/1226720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48768"
},
{
"cve": "CVE-2022-48769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48769"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: runtime: avoid EFIv2 runtime services on Apple x86 machines\n\nAditya reports [0] that his recent MacbookPro crashes in the firmware\nwhen using the variable services at runtime. The culprit appears to be a\ncall to QueryVariableInfo(), which we did not use to call on Apple x86\nmachines in the past as they only upgraded from EFI v1.10 to EFI v2.40\nfirmware fairly recently, and QueryVariableInfo() (along with\nUpdateCapsule() et al) was added in EFI v2.00.\n\nThe only runtime service introduced in EFI v2.00 that we actually use in\nLinux is QueryVariableInfo(), as the capsule based ones are optional,\ngenerally not used at runtime (all the LVFS/fwupd firmware update\ninfrastructure uses helper EFI programs that invoke capsule update at\nboot time, not runtime), and not implemented by Apple machines in the\nfirst place. QueryVariableInfo() is used to \u0027safely\u0027 set variables,\ni.e., only when there is enough space. This prevents machines with buggy\nfirmwares from corrupting their NVRAMs when they run out of space.\n\nGiven that Apple machines have been using EFI v1.10 services only for\nthe longest time (the EFI v2.0 spec was released in 2006, and Linux\nsupport for the newly introduced runtime services was added in 2011, but\nthe MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only),\nlet\u0027s avoid the EFI v2.0 ones on all Apple x86 machines.\n\n[0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48769",
"url": "https://www.suse.com/security/cve/CVE-2022-48769"
},
{
"category": "external",
"summary": "SUSE Bug 1226629 for CVE-2022-48769",
"url": "https://bugzilla.suse.com/1226629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48769"
},
{
"cve": "CVE-2022-48771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48771"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix stale file descriptors on failed usercopy\n\nA failing usercopy of the fence_rep object will lead to a stale entry in\nthe file descriptor table as put_unused_fd() won\u0027t release it. This\nenables userland to refer to a dangling \u0027file\u0027 object through that still\nvalid file descriptor, leading to all kinds of use-after-free\nexploitation scenarios.\n\nFix this by deferring the call to fd_install() until after the usercopy\nhas succeeded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48771",
"url": "https://www.suse.com/security/cve/CVE-2022-48771"
},
{
"category": "external",
"summary": "SUSE Bug 1226732 for CVE-2022-48771",
"url": "https://bugzilla.suse.com/1226732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48771"
},
{
"cve": "CVE-2022-48773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create\n\nIf there are failures then we must not leave the non-NULL pointers with\nthe error value, otherwise `rpcrdma_ep_destroy` gets confused and tries\nfree them, resulting in an Oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48773",
"url": "https://www.suse.com/security/cve/CVE-2022-48773"
},
{
"category": "external",
"summary": "SUSE Bug 1227921 for CVE-2022-48773",
"url": "https://bugzilla.suse.com/1227921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48773"
},
{
"cve": "CVE-2022-48774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48774"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ptdma: Fix the error handling path in pt_core_init()\n\nIn order to free resources correctly in the error handling path of\npt_core_init(), 2 goto\u0027s have to be switched. Otherwise, some resources\nwill leak and we will try to release things that have not been allocated\nyet.\n\nAlso move a dev_err() to a place where it is more meaningful.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48774",
"url": "https://www.suse.com/security/cve/CVE-2022-48774"
},
{
"category": "external",
"summary": "SUSE Bug 1227923 for CVE-2022-48774",
"url": "https://bugzilla.suse.com/1227923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48774"
},
{
"cve": "CVE-2022-48775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add():\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48775",
"url": "https://www.suse.com/security/cve/CVE-2022-48775"
},
{
"category": "external",
"summary": "SUSE Bug 1227924 for CVE-2022-48775",
"url": "https://bugzilla.suse.com/1227924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48775"
},
{
"cve": "CVE-2022-48776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix missing free for pparts in cleanup\n\nMtdpart doesn\u0027t free pparts when a cleanup function is declared.\nAdd missing free for pparts in cleanup function for smem to fix the\nleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48776",
"url": "https://www.suse.com/security/cve/CVE-2022-48776"
},
{
"category": "external",
"summary": "SUSE Bug 1227925 for CVE-2022-48776",
"url": "https://bugzilla.suse.com/1227925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2022-48776"
},
{
"cve": "CVE-2022-48777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix kernel panic on skipped partition\n\nIn the event of a skipped partition (case when the entry name is empty)\nthe kernel panics in the cleanup function as the name entry is NULL.\nRework the parser logic by first checking the real partition number and\nthen allocate the space and set the data for the valid partitions.\n\nThe logic was also fundamentally wrong as with a skipped partition, the\nparts number returned was incorrect by not decreasing it for the skipped\npartitions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48777",
"url": "https://www.suse.com/security/cve/CVE-2022-48777"
},
{
"category": "external",
"summary": "SUSE Bug 1227922 for CVE-2022-48777",
"url": "https://bugzilla.suse.com/1227922"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48777"
},
{
"cve": "CVE-2022-48778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: gpmi: don\u0027t leak PM reference in error path\n\nIf gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be\ndropped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48778",
"url": "https://www.suse.com/security/cve/CVE-2022-48778"
},
{
"category": "external",
"summary": "SUSE Bug 1227935 for CVE-2022-48778",
"url": "https://bugzilla.suse.com/1227935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48778"
},
{
"cve": "CVE-2022-48780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk-\u003esk_error_report\n |- smc_fback_error_report() \u003c------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc-\u003eclcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48780",
"url": "https://www.suse.com/security/cve/CVE-2022-48780"
},
{
"category": "external",
"summary": "SUSE Bug 1227995 for CVE-2022-48780",
"url": "https://bugzilla.suse.com/1227995"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48780"
},
{
"cve": "CVE-2022-48783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: lantiq_gswip: fix use after free in gswip_remove()\n\nof_node_put(priv-\u003eds-\u003eslave_mii_bus-\u003edev.of_node) should be\ndone before mdiobus_free(priv-\u003eds-\u003eslave_mii_bus).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48783",
"url": "https://www.suse.com/security/cve/CVE-2022-48783"
},
{
"category": "external",
"summary": "SUSE Bug 1227949 for CVE-2022-48783",
"url": "https://bugzilla.suse.com/1227949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48783"
},
{
"cve": "CVE-2022-48784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncfg80211: fix race in netlink owner interface destruction\n\nMy previous fix here to fix the deadlock left a race where\nthe exact same deadlock (see the original commit referenced\nbelow) can still happen if cfg80211_destroy_ifaces() already\nruns while nl80211_netlink_notify() is still marking some\ninterfaces as nl_owner_dead.\n\nThe race happens because we have two loops here - first we\ndev_close() all the netdevs, and then we destroy them. If we\nalso have two netdevs (first one need only be a wdev though)\nthen we can find one during the first iteration, close it,\nand go to the second iteration -- but then find two, and try\nto destroy also the one we didn\u0027t close yet.\n\nFix this by only iterating once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48784",
"url": "https://www.suse.com/security/cve/CVE-2022-48784"
},
{
"category": "external",
"summary": "SUSE Bug 1227938 for CVE-2022-48784",
"url": "https://bugzilla.suse.com/1227938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48784"
},
{
"cve": "CVE-2022-48786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48786"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it\u0027s\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48786",
"url": "https://www.suse.com/security/cve/CVE-2022-48786"
},
{
"category": "external",
"summary": "SUSE Bug 1227996 for CVE-2022-48786",
"url": "https://bugzilla.suse.com/1227996"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48786"
},
{
"cve": "CVE-2022-48787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: fix use-after-free\n\nIf no firmware was present at all (or, presumably, all of the\nfirmware files failed to parse), we end up unbinding by calling\ndevice_release_driver(), which calls remove(), which then in\niwlwifi calls iwl_drv_stop(), freeing the \u0027drv\u0027 struct. However\nthe new code I added will still erroneously access it after it\nwas freed.\n\nSet \u0027failure=false\u0027 in this case to avoid the access, all data\nwas already freed anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48787",
"url": "https://www.suse.com/security/cve/CVE-2022-48787"
},
{
"category": "external",
"summary": "SUSE Bug 1227932 for CVE-2022-48787",
"url": "https://bugzilla.suse.com/1227932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48787"
},
{
"cve": "CVE-2022-48788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48788",
"url": "https://www.suse.com/security/cve/CVE-2022-48788"
},
{
"category": "external",
"summary": "SUSE Bug 1227952 for CVE-2022-48788",
"url": "https://bugzilla.suse.com/1227952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48788"
},
{
"cve": "CVE-2022-48789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_tcp_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48789",
"url": "https://www.suse.com/security/cve/CVE-2022-48789"
},
{
"category": "external",
"summary": "SUSE Bug 1228000 for CVE-2022-48789",
"url": "https://bugzilla.suse.com/1228000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48789"
},
{
"cve": "CVE-2022-48790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix a possible use-after-free in controller reset during load\n\nUnlike .queue_rq, in .submit_async_event drivers may not check the ctrl\nreadiness for AER submission. This may lead to a use-after-free\ncondition that was observed with nvme-tcp.\n\nThe race condition may happen in the following scenario:\n1. driver executes its reset_ctrl_work\n2. -\u003e nvme_stop_ctrl - flushes ctrl async_event_work\n3. ctrl sends AEN which is received by the host, which in turn\n schedules AEN handling\n4. teardown admin queue (which releases the queue socket)\n5. AEN processed, submits another AER, calling the driver to submit\n6. driver attempts to send the cmd\n==\u003e use-after-free\n\nIn order to fix that, add ctrl state check to validate the ctrl\nis actually able to accept the AER submission.\n\nThis addresses the above race in controller resets because the driver\nduring teardown should:\n1. change ctrl state to RESETTING\n2. flush async_event_work (as well as other async work elements)\n\nSo after 1,2, any other AER command will find the\nctrl state to be RESETTING and bail out without submitting the AER.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48790",
"url": "https://www.suse.com/security/cve/CVE-2022-48790"
},
{
"category": "external",
"summary": "SUSE Bug 1227941 for CVE-2022-48790",
"url": "https://bugzilla.suse.com/1227941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48790"
},
{
"cve": "CVE-2022-48791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb-\u003etask\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48791",
"url": "https://www.suse.com/security/cve/CVE-2022-48791"
},
{
"category": "external",
"summary": "SUSE Bug 1228002 for CVE-2022-48791",
"url": "https://bugzilla.suse.com/1228002"
},
{
"category": "external",
"summary": "SUSE Bug 1228012 for CVE-2022-48791",
"url": "https://bugzilla.suse.com/1228012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48791"
},
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: nSVM: fix potential NULL derefernce on nested migration\n\nTurns out that due to review feedback and/or rebases\nI accidentally moved the call to nested_svm_load_cr3 to be too early,\nbefore the NPT is enabled, which is very wrong to do.\n\nKVM can\u0027t even access guest memory at that point as nested NPT\nis needed for that, and of course it won\u0027t initialize the walk_mmu,\nwhich is main issue the patch was addressing.\n\nFix this for real.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48793",
"url": "https://www.suse.com/security/cve/CVE-2022-48793"
},
{
"category": "external",
"summary": "SUSE Bug 1228019 for CVE-2022-48793",
"url": "https://bugzilla.suse.com/1228019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48793"
},
{
"cve": "CVE-2022-48794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb\u0027s\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the \u0027is_tx = 0\u0027 cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate \u0027was_tx\u0027 boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48794",
"url": "https://www.suse.com/security/cve/CVE-2022-48794"
},
{
"category": "external",
"summary": "SUSE Bug 1228025 for CVE-2022-48794",
"url": "https://bugzilla.suse.com/1228025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2022-48794"
},
{
"cve": "CVE-2022-48796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Fix potential use-after-free during probe\n\nKasan has reported the following use after free on dev-\u003eiommu.\nwhen a device probe fails and it is in process of freeing dev-\u003eiommu\nin dev_iommu_free function, a deferred_probe_work_func runs in parallel\nand tries to access dev-\u003eiommu-\u003efwspec in of_iommu_configure path thus\ncausing use after free.\n\nBUG: KASAN: use-after-free in of_iommu_configure+0xb4/0x4a4\nRead of size 8 at addr ffffff87a2f1acb8 by task kworker/u16:2/153\n\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n dump_backtrace+0x0/0x33c\n show_stack+0x18/0x24\n dump_stack_lvl+0x16c/0x1e0\n print_address_description+0x84/0x39c\n __kasan_report+0x184/0x308\n kasan_report+0x50/0x78\n __asan_load8+0xc0/0xc4\n of_iommu_configure+0xb4/0x4a4\n of_dma_configure_id+0x2fc/0x4d4\n platform_dma_configure+0x40/0x5c\n really_probe+0x1b4/0xb74\n driver_probe_device+0x11c/0x228\n __device_attach_driver+0x14c/0x304\n bus_for_each_drv+0x124/0x1b0\n __device_attach+0x25c/0x334\n device_initial_probe+0x24/0x34\n bus_probe_device+0x78/0x134\n deferred_probe_work_func+0x130/0x1a8\n process_one_work+0x4c8/0x970\n worker_thread+0x5c8/0xaec\n kthread+0x1f8/0x220\n ret_from_fork+0x10/0x18\n\nAllocated by task 1:\n ____kasan_kmalloc+0xd4/0x114\n __kasan_kmalloc+0x10/0x1c\n kmem_cache_alloc_trace+0xe4/0x3d4\n __iommu_probe_device+0x90/0x394\n probe_iommu_group+0x70/0x9c\n bus_for_each_dev+0x11c/0x19c\n bus_iommu_probe+0xb8/0x7d4\n bus_set_iommu+0xcc/0x13c\n arm_smmu_bus_init+0x44/0x130 [arm_smmu]\n arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]\n platform_drv_probe+0xe4/0x13c\n really_probe+0x2c8/0xb74\n driver_probe_device+0x11c/0x228\n device_driver_attach+0xf0/0x16c\n __driver_attach+0x80/0x320\n bus_for_each_dev+0x11c/0x19c\n driver_attach+0x38/0x48\n bus_add_driver+0x1dc/0x3a4\n driver_register+0x18c/0x244\n __platform_driver_register+0x88/0x9c\n init_module+0x64/0xff4 [arm_smmu]\n do_one_initcall+0x17c/0x2f0\n do_init_module+0xe8/0x378\n load_module+0x3f80/0x4a40\n __se_sys_finit_module+0x1a0/0x1e4\n __arm64_sys_finit_module+0x44/0x58\n el0_svc_common+0x100/0x264\n do_el0_svc+0x38/0xa4\n el0_svc+0x20/0x30\n el0_sync_handler+0x68/0xac\n el0_sync+0x160/0x180\n\nFreed by task 1:\n kasan_set_track+0x4c/0x84\n kasan_set_free_info+0x28/0x4c\n ____kasan_slab_free+0x120/0x15c\n __kasan_slab_free+0x18/0x28\n slab_free_freelist_hook+0x204/0x2fc\n kfree+0xfc/0x3a4\n __iommu_probe_device+0x284/0x394\n probe_iommu_group+0x70/0x9c\n bus_for_each_dev+0x11c/0x19c\n bus_iommu_probe+0xb8/0x7d4\n bus_set_iommu+0xcc/0x13c\n arm_smmu_bus_init+0x44/0x130 [arm_smmu]\n arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]\n platform_drv_probe+0xe4/0x13c\n really_probe+0x2c8/0xb74\n driver_probe_device+0x11c/0x228\n device_driver_attach+0xf0/0x16c\n __driver_attach+0x80/0x320\n bus_for_each_dev+0x11c/0x19c\n driver_attach+0x38/0x48\n bus_add_driver+0x1dc/0x3a4\n driver_register+0x18c/0x244\n __platform_driver_register+0x88/0x9c\n init_module+0x64/0xff4 [arm_smmu]\n do_one_initcall+0x17c/0x2f0\n do_init_module+0xe8/0x378\n load_module+0x3f80/0x4a40\n __se_sys_finit_module+0x1a0/0x1e4\n __arm64_sys_finit_module+0x44/0x58\n el0_svc_common+0x100/0x264\n do_el0_svc+0x38/0xa4\n el0_svc+0x20/0x30\n el0_sync_handler+0x68/0xac\n el0_sync+0x160/0x180\n\nFix this by setting dev-\u003eiommu to NULL first and\nthen freeing dev_iommu structure in dev_iommu_free\nfunction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48796",
"url": "https://www.suse.com/security/cve/CVE-2022-48796"
},
{
"category": "external",
"summary": "SUSE Bug 1228028 for CVE-2022-48796",
"url": "https://bugzilla.suse.com/1228028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48796"
},
{
"cve": "CVE-2022-48797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: don\u0027t try to NUMA-migrate COW pages that have other uses\n\nOded Gabbay reports that enabling NUMA balancing causes corruption with\nhis Gaudi accelerator test load:\n\n \"All the details are in the bug, but the bottom line is that somehow,\n this patch causes corruption when the numa balancing feature is\n enabled AND we don\u0027t use process affinity AND we use GUP to pin pages\n so our accelerator can DMA to/from system memory.\n\n Either disabling numa balancing, using process affinity to bind to\n specific numa-node or reverting this patch causes the bug to\n disappear\"\n\nand Oded bisected the issue to commit 09854ba94c6a (\"mm: do_wp_page()\nsimplification\").\n\nNow, the NUMA balancing shouldn\u0027t actually be changing the writability\nof a page, and as such shouldn\u0027t matter for COW. But it appears it\ndoes. Suspicious.\n\nHowever, regardless of that, the condition for enabling NUMA faults in\nchange_pte_range() is nonsensical. It uses \"page_mapcount(page)\" to\ndecide if a COW page should be NUMA-protected or not, and that makes\nabsolutely no sense.\n\nThe number of mappings a page has is irrelevant: not only does GUP get a\nreference to a page as in Oded\u0027s case, but the other mappings migth be\npaged out and the only reference to them would be in the page count.\n\nSince we should never try to NUMA-balance a page that we can\u0027t move\nanyway due to other references, just fix the code to use \u0027page_count()\u0027.\nOded confirms that that fixes his issue.\n\nNow, this does imply that something in NUMA balancing ends up changing\npage protections (other than the obvious one of making the page\ninaccessible to get the NUMA faulting information). Otherwise the COW\nsimplification wouldn\u0027t matter - since doing the GUP on the page would\nmake sure it\u0027s writable.\n\nThe cause of that permission change would be good to figure out too,\nsince it clearly results in spurious COW events - but fixing the\nnonsensical test that just happened to work before is obviously the\nCorrectThing(tm) to do regardless.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48797",
"url": "https://www.suse.com/security/cve/CVE-2022-48797"
},
{
"category": "external",
"summary": "SUSE Bug 1228035 for CVE-2022-48797",
"url": "https://bugzilla.suse.com/1228035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48797"
},
{
"cve": "CVE-2022-48798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: verify the driver availability for path_event call\n\nIf no driver is attached to a device or the driver does not provide the\npath_event function, an FCES path-event on this device could end up in a\nkernel-panic. Verify the driver availability before the path_event\nfunction call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48798",
"url": "https://www.suse.com/security/cve/CVE-2022-48798"
},
{
"category": "external",
"summary": "SUSE Bug 1227945 for CVE-2022-48798",
"url": "https://bugzilla.suse.com/1227945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48798"
},
{
"cve": "CVE-2022-48799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix list corruption in perf_cgroup_switch()\n\nThere\u0027s list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\n\n perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\n cpu_ctx_sched_in\n ctx_sched_in\n ctx_pinned_sched_in\n merge_sched_in\n perf_cgroup_event_disable: remove the event from the list\n\nUse list_for_each_entry_safe() to allow removing an entry during\niteration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48799",
"url": "https://www.suse.com/security/cve/CVE-2022-48799"
},
{
"category": "external",
"summary": "SUSE Bug 1227953 for CVE-2022-48799",
"url": "https://bugzilla.suse.com/1227953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48799"
},
{
"cve": "CVE-2022-48800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: remove deadlock due to throttling failing to make progress\n\nA soft lockup bug in kcompactd was reported in a private bugzilla with\nthe following visible in dmesg;\n\n watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479]\n watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479]\n watchdog: BUG: soft lockup - CPU#33 stuck for 78s! [kcompactd0:479]\n watchdog: BUG: soft lockup - CPU#33 stuck for 104s! [kcompactd0:479]\n\nThe machine had 256G of RAM with no swap and an earlier failed\nallocation indicated that node 0 where kcompactd was run was potentially\nunreclaimable;\n\n Node 0 active_anon:29355112kB inactive_anon:2913528kB active_file:0kB\n inactive_file:0kB unevictable:64kB isolated(anon):0kB isolated(file):0kB\n mapped:8kB dirty:0kB writeback:0kB shmem:26780kB shmem_thp:\n 0kB shmem_pmdmapped: 0kB anon_thp: 23480320kB writeback_tmp:0kB\n kernel_stack:2272kB pagetables:24500kB all_unreclaimable? yes\n\nVlastimil Babka investigated a crash dump and found that a task\nmigrating pages was trying to drain PCP lists;\n\n PID: 52922 TASK: ffff969f820e5000 CPU: 19 COMMAND: \"kworker/u128:3\"\n Call Trace:\n __schedule\n schedule\n schedule_timeout\n wait_for_completion\n __flush_work\n __drain_all_pages\n __alloc_pages_slowpath.constprop.114\n __alloc_pages\n alloc_migration_target\n migrate_pages\n migrate_to_node\n do_migrate_pages\n cpuset_migrate_mm_workfn\n process_one_work\n worker_thread\n kthread\n ret_from_fork\n\nThis failure is specific to CONFIG_PREEMPT=n builds. The root of the\nproblem is that kcompact0 is not rescheduling on a CPU while a task that\nhas isolated a large number of the pages from the LRU is waiting on\nkcompact0 to reschedule so the pages can be released. While\nshrink_inactive_list() only loops once around too_many_isolated, reclaim\ncan continue without rescheduling if sc-\u003eskipped_deactivate == 1 which\ncould happen if there was no file LRU and the inactive anon list was not\nlow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48800",
"url": "https://www.suse.com/security/cve/CVE-2022-48800"
},
{
"category": "external",
"summary": "SUSE Bug 1227954 for CVE-2022-48800",
"url": "https://bugzilla.suse.com/1227954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2022-48800"
},
{
"cve": "CVE-2022-48801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48801"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL\n\nIf we fail to copy the just created file descriptor to userland, we\ntry to clean up by putting back \u0027fd\u0027 and freeing \u0027ib\u0027. The code uses\nput_unused_fd() for the former which is wrong, as the file descriptor\nwas already published by fd_install() which gets called internally by\nanon_inode_getfd().\n\nThis makes the error handling code leaving a half cleaned up file\ndescriptor table around and a partially destructed \u0027file\u0027 object,\nallowing userland to play use-after-free tricks on us, by abusing\nthe still usable fd and making the code operate on a dangling\n\u0027file-\u003eprivate_data\u0027 pointer.\n\nInstead of leaving the kernel in a partially corrupted state, don\u0027t\nattempt to explicitly clean up and leave this to the process exit\npath that\u0027ll release any still valid fds, including the one created\nby the previous call to anon_inode_getfd(). Simply return -EFAULT to\nindicate the error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48801",
"url": "https://www.suse.com/security/cve/CVE-2022-48801"
},
{
"category": "external",
"summary": "SUSE Bug 1227956 for CVE-2022-48801",
"url": "https://bugzilla.suse.com/1227956"
},
{
"category": "external",
"summary": "SUSE Bug 1228023 for CVE-2022-48801",
"url": "https://bugzilla.suse.com/1228023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48801"
},
{
"cve": "CVE-2022-48802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: task_mmu.c: don\u0027t read mapcount for migration entry\n\nThe syzbot reported the below BUG:\n\n kernel BUG at include/linux/page-flags.h:785!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]\n RIP: 0010:__page_mapcount+0x2d2/0x350 mm/util.c:744\n Call Trace:\n page_mapcount include/linux/mm.h:837 [inline]\n smaps_account+0x470/0xb10 fs/proc/task_mmu.c:466\n smaps_pte_entry fs/proc/task_mmu.c:538 [inline]\n smaps_pte_range+0x611/0x1250 fs/proc/task_mmu.c:601\n walk_pmd_range mm/pagewalk.c:128 [inline]\n walk_pud_range mm/pagewalk.c:205 [inline]\n walk_p4d_range mm/pagewalk.c:240 [inline]\n walk_pgd_range mm/pagewalk.c:277 [inline]\n __walk_page_range+0xe23/0x1ea0 mm/pagewalk.c:379\n walk_page_vma+0x277/0x350 mm/pagewalk.c:530\n smap_gather_stats.part.0+0x148/0x260 fs/proc/task_mmu.c:768\n smap_gather_stats fs/proc/task_mmu.c:741 [inline]\n show_smap+0xc6/0x440 fs/proc/task_mmu.c:822\n seq_read_iter+0xbb0/0x1240 fs/seq_file.c:272\n seq_read+0x3e0/0x5b0 fs/seq_file.c:162\n vfs_read+0x1b5/0x600 fs/read_write.c:479\n ksys_read+0x12d/0x250 fs/read_write.c:619\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe reproducer was trying to read /proc/$PID/smaps when calling\nMADV_FREE at the mean time. MADV_FREE may split THPs if it is called\nfor partial THP. It may trigger the below race:\n\n CPU A CPU B\n ----- -----\n smaps walk: MADV_FREE:\n page_mapcount()\n PageCompound()\n split_huge_page()\n page = compound_head(page)\n PageDoubleMap(page)\n\nWhen calling PageDoubleMap() this page is not a tail page of THP anymore\nso the BUG is triggered.\n\nThis could be fixed by elevated refcount of the page before calling\nmapcount, but that would prevent it from counting migration entries, and\nit seems overkilling because the race just could happen when PMD is\nsplit so all PTE entries of tail pages are actually migration entries,\nand smaps_account() does treat migration entries as mapcount == 1 as\nKirill pointed out.\n\nAdd a new parameter for smaps_account() to tell this entry is migration\nentry then skip calling page_mapcount(). Don\u0027t skip getting mapcount\nfor device private entries since they do track references with mapcount.\n\nPagemap also has the similar issue although it was not reported. Fixed\nit as well.\n\n[shy828301@gmail.com: v4]\n[nathan@kernel.org: avoid unused variable warning in pagemap_pmd_range()]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48802",
"url": "https://www.suse.com/security/cve/CVE-2022-48802"
},
{
"category": "external",
"summary": "SUSE Bug 1227942 for CVE-2022-48802",
"url": "https://bugzilla.suse.com/1227942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48802"
},
{
"cve": "CVE-2022-48803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: Fix missing sentinel for clk_div_table\n\n_get_table_maxdiv() tries to access \"clk_div_table\" array out of bound\ndefined in phy-j721e-wiz.c. Add a sentinel entry to prevent\nthe following global-out-of-bounds error reported by enabling KASAN.\n\n[ 9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148\n[ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38\n[ 9.565926]\n[ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360\n[ 9.576242] Hardware name: Texas Instruments J721e EVM (DT)\n[ 9.581832] Workqueue: events_unbound deferred_probe_work_func\n[ 9.587708] Call trace:\n[ 9.590174] dump_backtrace+0x20c/0x218\n[ 9.594038] show_stack+0x18/0x68\n[ 9.597375] dump_stack_lvl+0x9c/0xd8\n[ 9.601062] print_address_description.constprop.0+0x78/0x334\n[ 9.606830] kasan_report+0x1f0/0x260\n[ 9.610517] __asan_load4+0x9c/0xd8\n[ 9.614030] _get_maxdiv+0xc0/0x148\n[ 9.617540] divider_determine_rate+0x88/0x488\n[ 9.622005] divider_round_rate_parent+0xc8/0x124\n[ 9.626729] wiz_clk_div_round_rate+0x54/0x68\n[ 9.631113] clk_core_determine_round_nolock+0x124/0x158\n[ 9.636448] clk_core_round_rate_nolock+0x68/0x138\n[ 9.641260] clk_core_set_rate_nolock+0x268/0x3a8\n[ 9.645987] clk_set_rate+0x50/0xa8\n[ 9.649499] cdns_sierra_phy_init+0x88/0x248\n[ 9.653794] phy_init+0x98/0x108\n[ 9.657046] cdns_pcie_enable_phy+0xa0/0x170\n[ 9.661340] cdns_pcie_init_phy+0x250/0x2b0\n[ 9.665546] j721e_pcie_probe+0x4b8/0x798\n[ 9.669579] platform_probe+0x8c/0x108\n[ 9.673350] really_probe+0x114/0x630\n[ 9.677037] __driver_probe_device+0x18c/0x220\n[ 9.681505] driver_probe_device+0xac/0x150\n[ 9.685712] __device_attach_driver+0xec/0x170\n[ 9.690178] bus_for_each_drv+0xf0/0x158\n[ 9.694124] __device_attach+0x184/0x210\n[ 9.698070] device_initial_probe+0x14/0x20\n[ 9.702277] bus_probe_device+0xec/0x100\n[ 9.706223] deferred_probe_work_func+0x124/0x180\n[ 9.710951] process_one_work+0x4b0/0xbc0\n[ 9.714983] worker_thread+0x74/0x5d0\n[ 9.718668] kthread+0x214/0x230\n[ 9.721919] ret_from_fork+0x10/0x20\n[ 9.725520]\n[ 9.727032] The buggy address belongs to the variable:\n[ 9.732183] clk_div_table+0x24/0x440",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48803",
"url": "https://www.suse.com/security/cve/CVE-2022-48803"
},
{
"category": "external",
"summary": "SUSE Bug 1227965 for CVE-2022-48803",
"url": "https://bugzilla.suse.com/1227965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48803"
},
{
"cve": "CVE-2022-48804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48804",
"url": "https://www.suse.com/security/cve/CVE-2022-48804"
},
{
"category": "external",
"summary": "SUSE Bug 1227968 for CVE-2022-48804",
"url": "https://bugzilla.suse.com/1227968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48804"
},
{
"cve": "CVE-2022-48805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup\n\nax88179_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds,\n causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n endianness flip to corrupt data used by a cloned SKB that has already\n been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n causing out-of-bounds heap data to be considered part of the SKB\u0027s\n data.\n\nI have tested that this can be used by a malicious USB device to send a\nbogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response\nthat contains random kernel heap data.\nIt\u0027s probably also possible to get OOB writes from this on a\nlittle-endian system somehow - maybe by triggering skb_cow() via IP\noptions processing -, but I haven\u0027t tested that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48805",
"url": "https://www.suse.com/security/cve/CVE-2022-48805"
},
{
"category": "external",
"summary": "SUSE Bug 1227969 for CVE-2022-48805",
"url": "https://bugzilla.suse.com/1227969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48805"
},
{
"cve": "CVE-2022-48806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX\n\nCommit effa453168a7 (\"i2c: i801: Don\u0027t silently correct invalid transfer\nsize\") revealed that ee1004_eeprom_read() did not properly limit how\nmany bytes to read at once.\n\nIn particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the\nlength to read as an u8. If count == 256 after taking into account the\noffset and page boundary, the cast to u8 overflows. And this is common\nwhen user space tries to read the entire EEPROM at once.\n\nTo fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already\nthe maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48806",
"url": "https://www.suse.com/security/cve/CVE-2022-48806"
},
{
"category": "external",
"summary": "SUSE Bug 1227948 for CVE-2022-48806",
"url": "https://bugzilla.suse.com/1227948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48806"
},
{
"cve": "CVE-2022-48807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix KASAN error in LAG NETDEV_UNREGISTER handler\n\nCurrently, the same handler is called for both a NETDEV_BONDING_INFO\nLAG unlink notification as for a NETDEV_UNREGISTER call. This is\ncausing a problem though, since the netdev_notifier_info passed has\na different structure depending on which event is passed. The problem\nmanifests as a call trace from a BUG: KASAN stack-out-of-bounds error.\n\nFix this by creating a handler specific to NETDEV_UNREGISTER that only\nis passed valid elements in the netdev_notifier_info struct for the\nNETDEV_UNREGISTER event.\n\nAlso included is the removal of an unbalanced dev_put on the peer_netdev\nand related braces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48807",
"url": "https://www.suse.com/security/cve/CVE-2022-48807"
},
{
"category": "external",
"summary": "SUSE Bug 1227970 for CVE-2022-48807",
"url": "https://bugzilla.suse.com/1227970"
},
{
"category": "external",
"summary": "SUSE Bug 1228024 for CVE-2022-48807",
"url": "https://bugzilla.suse.com/1228024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48807"
},
{
"cve": "CVE-2022-48811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: don\u0027t release napi in __ibmvnic_open()\n\nIf __ibmvnic_open() encounters an error such as when setting link state,\nit calls release_resources() which frees the napi structures needlessly.\nInstead, have __ibmvnic_open() only clean up the work it did so far (i.e.\ndisable napi and irqs) and leave the rest to the callers.\n\nIf caller of __ibmvnic_open() is ibmvnic_open(), it should release the\nresources immediately. If the caller is do_reset() or do_hard_reset(),\nthey will release the resources on the next reset.\n\nThis fixes following crash that occurred when running the drmgr command\nseveral times to add/remove a vnic interface:\n\n\t[102056] ibmvnic 30000003 env3: Disabling rx_scrq[6] irq\n\t[102056] ibmvnic 30000003 env3: Disabling rx_scrq[7] irq\n\t[102056] ibmvnic 30000003 env3: Replenished 8 pools\n\tKernel attempted to read user page (10) - exploit attempt? (uid: 0)\n\tBUG: Kernel NULL pointer dereference on read at 0x00000010\n\tFaulting instruction address: 0xc000000000a3c840\n\tOops: Kernel access of bad area, sig: 11 [#1]\n\tLE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n\t...\n\tCPU: 9 PID: 102056 Comm: kworker/9:2 Kdump: loaded Not tainted 5.16.0-rc5-autotest-g6441998e2e37 #1\n\tWorkqueue: events_long __ibmvnic_reset [ibmvnic]\n\tNIP: c000000000a3c840 LR: c0080000029b5378 CTR: c000000000a3c820\n\tREGS: c0000000548e37e0 TRAP: 0300 Not tainted (5.16.0-rc5-autotest-g6441998e2e37)\n\tMSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 28248484 XER: 00000004\n\tCFAR: c0080000029bdd24 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0\n\tGPR00: c0080000029b55d0 c0000000548e3a80 c0000000028f0200 0000000000000000\n\t...\n\tNIP [c000000000a3c840] napi_enable+0x20/0xc0\n\tLR [c0080000029b5378] __ibmvnic_open+0xf0/0x430 [ibmvnic]\n\tCall Trace:\n\t[c0000000548e3a80] [0000000000000006] 0x6 (unreliable)\n\t[c0000000548e3ab0] [c0080000029b55d0] __ibmvnic_open+0x348/0x430 [ibmvnic]\n\t[c0000000548e3b40] [c0080000029bcc28] __ibmvnic_reset+0x500/0xdf0 [ibmvnic]\n\t[c0000000548e3c60] [c000000000176228] process_one_work+0x288/0x570\n\t[c0000000548e3d00] [c000000000176588] worker_thread+0x78/0x660\n\t[c0000000548e3da0] [c0000000001822f0] kthread+0x1c0/0x1d0\n\t[c0000000548e3e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64\n\tInstruction dump:\n\t7d2948f8 792307e0 4e800020 60000000 3c4c01eb 384239e0 f821ffd1 39430010\n\t38a0fff6 e92d1100 f9210028 39200000 \u003ce9030010\u003e f9010020 60420000 e9210020\n\t---[ end trace 5f8033b08fd27706 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48811",
"url": "https://www.suse.com/security/cve/CVE-2022-48811"
},
{
"category": "external",
"summary": "SUSE Bug 1227928 for CVE-2022-48811",
"url": "https://bugzilla.suse.com/1227928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48811"
},
{
"cve": "CVE-2022-48812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: lantiq_gswip: don\u0027t use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don\u0027t allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe GSWIP switch is a platform device, so the initial set of constraints\nthat I thought would cause this (I2C or SPI buses which call -\u003eremove on\n-\u003eshutdown) do not apply. But there is one more which applies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the GSWIP switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don\u0027t use devres at all.\n\nThe gswip driver has the code structure in place for orderly mdiobus\nremoval, so just replace devm_mdiobus_alloc() with the non-devres\nvariant, and add manual free where necessary, to ensure that we don\u0027t\nlet devres free a still-registered bus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48812",
"url": "https://www.suse.com/security/cve/CVE-2022-48812"
},
{
"category": "external",
"summary": "SUSE Bug 1227971 for CVE-2022-48812",
"url": "https://bugzilla.suse.com/1227971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48812"
},
{
"cve": "CVE-2022-48813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: don\u0027t use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don\u0027t allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Felix VSC9959 switch is a PCI device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n-\u003eremove on -\u003eshutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the felix switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don\u0027t use devres at all.\n\nThe felix driver has the code structure in place for orderly mdiobus\nremoval, so just replace devm_mdiobus_alloc_size() with the non-devres\nvariant, and add manual free where necessary, to ensure that we don\u0027t\nlet devres free a still-registered bus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48813",
"url": "https://www.suse.com/security/cve/CVE-2022-48813"
},
{
"category": "external",
"summary": "SUSE Bug 1227963 for CVE-2022-48813",
"url": "https://bugzilla.suse.com/1227963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48813"
},
{
"cve": "CVE-2022-48814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don\u0027t allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n-\u003eremove on -\u003eshutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don\u0027t use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let\u0027s work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn\u0027t free a\nstill-registered bus (it either runs both callbacks, or none).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48814",
"url": "https://www.suse.com/security/cve/CVE-2022-48814"
},
{
"category": "external",
"summary": "SUSE Bug 1227944 for CVE-2022-48814",
"url": "https://bugzilla.suse.com/1227944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48814"
},
{
"cve": "CVE-2022-48815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: don\u0027t use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don\u0027t allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Starfighter 2 is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n-\u003eremove on -\u003eshutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the bcm_sf2 switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don\u0027t use devres at all.\n\nThe bcm_sf2 driver has the code structure in place for orderly mdiobus\nremoval, so just replace devm_mdiobus_alloc() with the non-devres\nvariant, and add manual free where necessary, to ensure that we don\u0027t\nlet devres free a still-registered bus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48815",
"url": "https://www.suse.com/security/cve/CVE-2022-48815"
},
{
"category": "external",
"summary": "SUSE Bug 1227933 for CVE-2022-48815",
"url": "https://bugzilla.suse.com/1227933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48815"
},
{
"cve": "CVE-2022-48816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against -\u003esock changing during sysfs read\n\n-\u003esock can be set to NULL asynchronously unless -\u003erecv_mutex is held.\nSo it is important to hold that mutex. Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48816",
"url": "https://www.suse.com/security/cve/CVE-2022-48816"
},
{
"category": "external",
"summary": "SUSE Bug 1228038 for CVE-2022-48816",
"url": "https://bugzilla.suse.com/1228038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48816"
},
{
"cve": "CVE-2022-48817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: ar9331: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don\u0027t allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe ar9331 is an MDIO device, so the initial set of constraints that I\nthought would cause this (I2C or SPI buses which call -\u003eremove on\n-\u003eshutdown) do not apply. But there is one more which applies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the ar9331 switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don\u0027t use devres at all.\n\nThe ar9331 driver doesn\u0027t have a complex code structure for mdiobus\nremoval, so just replace of_mdiobus_register with the devres variant in\norder to be all-devres and ensure that we don\u0027t free a still-registered\nbus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48817",
"url": "https://www.suse.com/security/cve/CVE-2022-48817"
},
{
"category": "external",
"summary": "SUSE Bug 1227931 for CVE-2022-48817",
"url": "https://bugzilla.suse.com/1227931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48817"
},
{
"cve": "CVE-2022-48818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: don\u0027t use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don\u0027t allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe mv88e6xxx is an MDIO device, so the initial set of constraints that\nI thought would cause this (I2C or SPI buses which call -\u003eremove on\n-\u003eshutdown) do not apply. But there is one more which applies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the Marvell switch driver on shutdown.\n\nsystemd-shutdown[1]: Powering off.\nmv88e6085 0x0000000008b96000:00 sw_gl0: Link is Down\nfsl-mc dpbp.9: Removing from iommu group 7\nfsl-mc dpbp.8: Removing from iommu group 7\n------------[ cut here ]------------\nkernel BUG at drivers/net/phy/mdio_bus.c:677!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00040-gdc05f73788e5 #15\npc : mdiobus_free+0x44/0x50\nlr : devm_mdiobus_free+0x10/0x20\nCall trace:\n mdiobus_free+0x44/0x50\n devm_mdiobus_free+0x10/0x20\n devres_release_all+0xa0/0x100\n __device_release_driver+0x190/0x220\n device_release_driver_internal+0xac/0xb0\n device_links_unbind_consumers+0xd4/0x100\n __device_release_driver+0x4c/0x220\n device_release_driver_internal+0xac/0xb0\n device_links_unbind_consumers+0xd4/0x100\n __device_release_driver+0x94/0x220\n device_release_driver+0x28/0x40\n bus_remove_device+0x118/0x124\n device_del+0x174/0x420\n fsl_mc_device_remove+0x24/0x40\n __fsl_mc_device_remove+0xc/0x20\n device_for_each_child+0x58/0xa0\n dprc_remove+0x90/0xb0\n fsl_mc_driver_remove+0x20/0x5c\n __device_release_driver+0x21c/0x220\n device_release_driver+0x28/0x40\n bus_remove_device+0x118/0x124\n device_del+0x174/0x420\n fsl_mc_bus_remove+0x80/0x100\n fsl_mc_bus_shutdown+0xc/0x1c\n platform_shutdown+0x20/0x30\n device_shutdown+0x154/0x330\n kernel_power_off+0x34/0x6c\n __do_sys_reboot+0x15c/0x250\n __arm64_sys_reboot+0x20/0x30\n invoke_syscall.constprop.0+0x4c/0xe0\n do_el0_svc+0x4c/0x150\n el0_svc+0x24/0xb0\n el0t_64_sync_handler+0xa8/0xb0\n el0t_64_sync+0x178/0x17c\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don\u0027t use devres at all.\n\nThe Marvell driver already has a good structure for mdiobus removal, so\njust plug in mdiobus_free and get rid of devres.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48818",
"url": "https://www.suse.com/security/cve/CVE-2022-48818"
},
{
"category": "external",
"summary": "SUSE Bug 1228039 for CVE-2022-48818",
"url": "https://bugzilla.suse.com/1228039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48818"
},
{
"cve": "CVE-2022-48820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()\n\nThis error path needs to decrement \"usbphyc-\u003en_pll_cons.counter\" before\nreturning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48820",
"url": "https://www.suse.com/security/cve/CVE-2022-48820"
},
{
"category": "external",
"summary": "SUSE Bug 1227972 for CVE-2022-48820",
"url": "https://bugzilla.suse.com/1227972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48820"
},
{
"cve": "CVE-2022-48821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: avoid double fput() on failed usercopy\n\nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF\nioctl(), we shouldn\u0027t assume that \u0027buf-\u003edmabuf\u0027 is still valid. In fact,\ndma_buf_fd() called fd_install() before, i.e. \"consumed\" one reference,\nleaving us with none.\n\nCalling dma_buf_put() will therefore put a reference we no longer own,\nleading to a valid file descritor table entry for an already released\n\u0027file\u0027 object which is a straight use-after-free.\n\nSimply avoid calling dma_buf_put() and rely on the process exit code to\ndo the necessary cleanup, if needed, i.e. if the file descriptor is\nstill valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48821",
"url": "https://www.suse.com/security/cve/CVE-2022-48821"
},
{
"category": "external",
"summary": "SUSE Bug 1227976 for CVE-2022-48821",
"url": "https://bugzilla.suse.com/1227976"
},
{
"category": "external",
"summary": "SUSE Bug 1228022 for CVE-2022-48821",
"url": "https://bugzilla.suse.com/1228022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48821"
},
{
"cve": "CVE-2022-48822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48822"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: f_fs: Fix use-after-free for epfile\n\nConsider a case where ffs_func_eps_disable is called from\nffs_func_disable as part of composition switch and at the\nsame time ffs_epfile_release get called from userspace.\nffs_epfile_release will free up the read buffer and call\nffs_data_closed which in turn destroys ffs-\u003eepfiles and\nmark it as NULL. While this was happening the driver has\nalready initialized the local epfile in ffs_func_eps_disable\nwhich is now freed and waiting to acquire the spinlock. Once\nspinlock is acquired the driver proceeds with the stale value\nof epfile and tries to free the already freed read buffer\ncausing use-after-free.\n\nFollowing is the illustration of the race:\n\n CPU1 CPU2\n\n ffs_func_eps_disable\n epfiles (local copy)\n\t\t\t\t\tffs_epfile_release\n\t\t\t\t\tffs_data_closed\n\t\t\t\t\tif (last file closed)\n\t\t\t\t\tffs_data_reset\n\t\t\t\t\tffs_data_clear\n\t\t\t\t\tffs_epfiles_destroy\nspin_lock\ndereference epfiles\n\nFix this races by taking epfiles local copy \u0026 assigning it under\nspinlock and if epfiles(local) is null then update it in ffs-\u003eepfiles\nthen finally destroy it.\nExtending the scope further from the race, protecting the ep related\nstructures, and concurrent accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48822",
"url": "https://www.suse.com/security/cve/CVE-2022-48822"
},
{
"category": "external",
"summary": "SUSE Bug 1228040 for CVE-2022-48822",
"url": "https://bugzilla.suse.com/1228040"
},
{
"category": "external",
"summary": "SUSE Bug 1228136 for CVE-2022-48822",
"url": "https://bugzilla.suse.com/1228136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48822"
},
{
"cve": "CVE-2022-48823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix refcount issue when LOGO is received during TMF\n\nHung task call trace was seen during LOGO processing.\n\n[ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued...\n[ 974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0\n[ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET\n[ 974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1.\n[ 974.309625] host1: rport 016900: Received LOGO request while in state Ready\n[ 974.309627] host1: rport 016900: Delete port\n[ 974.309642] host1: rport 016900: work event 3\n[ 974.309644] host1: rport 016900: lld callback ev 3\n[ 974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush.\n[ 974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success...\n[ 984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds.\n[ 984.031136] Not tainted 4.18.0-305.el8.x86_64 #1\n\n[ 984.031166] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 984.031209] jbd2/dm-15-8 D 0 7645 2 0x80004080\n[ 984.031212] Call Trace:\n[ 984.031222] __schedule+0x2c4/0x700\n[ 984.031230] ? unfreeze_partials.isra.83+0x16e/0x1a0\n[ 984.031233] ? bit_wait_timeout+0x90/0x90\n[ 984.031235] schedule+0x38/0xa0\n[ 984.031238] io_schedule+0x12/0x40\n[ 984.031240] bit_wait_io+0xd/0x50\n[ 984.031243] __wait_on_bit+0x6c/0x80\n[ 984.031248] ? free_buffer_head+0x21/0x50\n[ 984.031251] out_of_line_wait_on_bit+0x91/0xb0\n[ 984.031257] ? init_wait_var_entry+0x50/0x50\n[ 984.031268] jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2]\n[ 984.031280] kjournald2+0xbd/0x270 [jbd2]\n[ 984.031284] ? finish_wait+0x80/0x80\n[ 984.031291] ? commit_timeout+0x10/0x10 [jbd2]\n[ 984.031294] kthread+0x116/0x130\n[ 984.031300] ? kthread_flush_work_fn+0x10/0x10\n[ 984.031305] ret_from_fork+0x1f/0x40\n\nThere was a ref count issue when LOGO is received during TMF. This leads to\none of the I/Os hanging with the driver. Fix the ref count.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48823",
"url": "https://www.suse.com/security/cve/CVE-2022-48823"
},
{
"category": "external",
"summary": "SUSE Bug 1228045 for CVE-2022-48823",
"url": "https://bugzilla.suse.com/1228045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48823"
},
{
"cve": "CVE-2022-48824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: myrs: Fix crash in error case\n\nIn myrs_detect(), cs-\u003edisable_intr is NULL when privdata-\u003ehw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48824",
"url": "https://www.suse.com/security/cve/CVE-2022-48824"
},
{
"category": "external",
"summary": "SUSE Bug 1227964 for CVE-2022-48824",
"url": "https://bugzilla.suse.com/1227964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48824"
},
{
"cve": "CVE-2022-48825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Add stag_work to all the vports\n\nCall trace seen when creating NPIV ports, only 32 out of 64 show online.\nstag work was not initialized for vport, hence initialize the stag work.\n\nWARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80\nCPU: 8 PID: 645 Comm: kworker/8:1 Kdump: loaded Tainted: G IOE --------- --\n 4.18.0-348.el8.x86_64 #1\nHardware name: Dell Inc. PowerEdge MX740c/0177V9, BIOS 2.12.2 07/09/2021\nWorkqueue: events fc_lport_timeout [libfc]\nRIP: 0010:__queue_delayed_work+0x68/0x80\nCode: 89 b2 88 00 00 00 44 89 82 90 00 00 00 48 01 c8 48 89 42 50 41 81\nf8 00 20 00 00 75 1d e9 60 24 07 00 44 89 c7 e9 98 f6 ff ff \u003c0f\u003e 0b eb\nc5 0f 0b eb a1 0f 0b eb a7 0f 0b eb ac 44 89 c6 e9 40 23\nRSP: 0018:ffffae514bc3be40 EFLAGS: 00010006\nRAX: ffff8d25d6143750 RBX: 0000000000000202 RCX: 0000000000000002\nRDX: ffff8d2e31383748 RSI: ffff8d25c000d600 RDI: ffff8d2e31383788\nRBP: ffff8d2e31380de0 R08: 0000000000002000 R09: ffff8d2e31383750\nR10: ffffffffc0c957e0 R11: ffff8d2624800000 R12: ffff8d2e31380a58\nR13: ffff8d2d915eb000 R14: ffff8d25c499b5c0 R15: ffff8d2e31380e18\nFS: 0000000000000000(0000) GS:ffff8d2d1fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055fd0484b8b8 CR3: 00000008ffc10006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n queue_delayed_work_on+0x36/0x40\n qedf_elsct_send+0x57/0x60 [qedf]\n fc_lport_enter_flogi+0x90/0xc0 [libfc]\n fc_lport_timeout+0xb7/0x140 [libfc]\n process_one_work+0x1a7/0x360\n ? create_worker+0x1a0/0x1a0\n worker_thread+0x30/0x390\n ? create_worker+0x1a0/0x1a0\n kthread+0x116/0x130\n ? kthread_flush_work_fn+0x10/0x10\n ret_from_fork+0x35/0x40\n ---[ end trace 008f00f722f2c2ff ]--\n\nInitialize stag work for all the vports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48825",
"url": "https://www.suse.com/security/cve/CVE-2022-48825"
},
{
"category": "external",
"summary": "SUSE Bug 1228056 for CVE-2022-48825",
"url": "https://bugzilla.suse.com/1228056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "low"
}
],
"title": "CVE-2022-48825"
},
{
"cve": "CVE-2022-48826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix deadlock on DSI device attach error\n\nDSI device attach to DSI host will be done with host device\u0027s lock\nheld.\n\nUn-registering host in \"device attach\" error path (ex: probe retry)\nwill result in deadlock with below call trace and non operational\nDSI display.\n\nStartup Call trace:\n[ 35.043036] rt_mutex_slowlock.constprop.21+0x184/0x1b8\n[ 35.043048] mutex_lock_nested+0x7c/0xc8\n[ 35.043060] device_del+0x4c/0x3e8\n[ 35.043075] device_unregister+0x20/0x40\n[ 35.043082] mipi_dsi_remove_device_fn+0x18/0x28\n[ 35.043093] device_for_each_child+0x68/0xb0\n[ 35.043105] mipi_dsi_host_unregister+0x40/0x90\n[ 35.043115] vc4_dsi_host_attach+0xf0/0x120 [vc4]\n[ 35.043199] mipi_dsi_attach+0x30/0x48\n[ 35.043209] tc358762_probe+0x128/0x164 [tc358762]\n[ 35.043225] mipi_dsi_drv_probe+0x28/0x38\n[ 35.043234] really_probe+0xc0/0x318\n[ 35.043244] __driver_probe_device+0x80/0xe8\n[ 35.043254] driver_probe_device+0xb8/0x118\n[ 35.043263] __device_attach_driver+0x98/0xe8\n[ 35.043273] bus_for_each_drv+0x84/0xd8\n[ 35.043281] __device_attach+0xf0/0x150\n[ 35.043290] device_initial_probe+0x1c/0x28\n[ 35.043300] bus_probe_device+0xa4/0xb0\n[ 35.043308] deferred_probe_work_func+0xa0/0xe0\n[ 35.043318] process_one_work+0x254/0x700\n[ 35.043330] worker_thread+0x4c/0x448\n[ 35.043339] kthread+0x19c/0x1a8\n[ 35.043348] ret_from_fork+0x10/0x20\n\nShutdown Call trace:\n[ 365.565417] Call trace:\n[ 365.565423] __switch_to+0x148/0x200\n[ 365.565452] __schedule+0x340/0x9c8\n[ 365.565467] schedule+0x48/0x110\n[ 365.565479] schedule_timeout+0x3b0/0x448\n[ 365.565496] wait_for_completion+0xac/0x138\n[ 365.565509] __flush_work+0x218/0x4e0\n[ 365.565523] flush_work+0x1c/0x28\n[ 365.565536] wait_for_device_probe+0x68/0x158\n[ 365.565550] device_shutdown+0x24/0x348\n[ 365.565561] kernel_restart_prepare+0x40/0x50\n[ 365.565578] kernel_restart+0x20/0x70\n[ 365.565591] __do_sys_reboot+0x10c/0x220\n[ 365.565605] __arm64_sys_reboot+0x2c/0x38\n[ 365.565619] invoke_syscall+0x4c/0x110\n[ 365.565634] el0_svc_common.constprop.3+0xfc/0x120\n[ 365.565648] do_el0_svc+0x2c/0x90\n[ 365.565661] el0_svc+0x4c/0xf0\n[ 365.565671] el0t_64_sync_handler+0x90/0xb8\n[ 365.565682] el0t_64_sync+0x180/0x184",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48826",
"url": "https://www.suse.com/security/cve/CVE-2022-48826"
},
{
"category": "external",
"summary": "SUSE Bug 1227975 for CVE-2022-48826",
"url": "https://bugzilla.suse.com/1227975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48826"
},
{
"cve": "CVE-2022-48827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix the behavior of READ near OFFSET_MAX\n\nDan Aloni reports:\n\u003e Due to commit 8cfb9015280d (\"NFS: Always provide aligned buffers to\n\u003e the RPC read layers\") on the client, a read of 0xfff is aligned up\n\u003e to server rsize of 0x1000.\n\u003e\n\u003e As a result, in a test where the server has a file of size\n\u003e 0x7fffffffffffffff, and the client tries to read from the offset\n\u003e 0x7ffffffffffff000, the read causes loff_t overflow in the server\n\u003e and it returns an NFS code of EINVAL to the client. The client as\n\u003e a result indefinitely retries the request.\n\nThe Linux NFS client does not handle NFS?ERR_INVAL, even though all\nNFS specifications permit servers to return that status code for a\nREAD.\n\nInstead of NFS?ERR_INVAL, have out-of-range READ requests succeed\nand return a short result. Set the EOF flag in the result to prevent\nthe client from retrying the READ request. This behavior appears to\nbe consistent with Solaris NFS servers.\n\nNote that NFSv3 and NFSv4 use u64 offset values on the wire. These\nmust be converted to loff_t internally before use -- an implicit\ntype cast is not adequate for this purpose. Otherwise VFS checks\nagainst sb-\u003es_maxbytes do not work properly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48827",
"url": "https://www.suse.com/security/cve/CVE-2022-48827"
},
{
"category": "external",
"summary": "SUSE Bug 1228037 for CVE-2022-48827",
"url": "https://bugzilla.suse.com/1228037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48827"
},
{
"cve": "CVE-2022-48828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix ia_size underflow\n\niattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and\nNFSv4 both define file size as an unsigned 64-bit type. Thus there\nis a range of valid file size values an NFS client can send that is\nalready larger than Linux can handle.\n\nCurrently decode_fattr4() dumps a full u64 value into ia_size. If\nthat value happens to be larger than S64_MAX, then ia_size\nunderflows. I\u0027m about to fix up the NFSv3 behavior as well, so let\u0027s\ncatch the underflow in the common code path: nfsd_setattr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48828",
"url": "https://www.suse.com/security/cve/CVE-2022-48828"
},
{
"category": "external",
"summary": "SUSE Bug 1228054 for CVE-2022-48828",
"url": "https://bugzilla.suse.com/1228054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48828"
},
{
"cve": "CVE-2022-48829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix NFSv3 SETATTR/CREATE\u0027s handling of large file sizes\n\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\n\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\n\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48829",
"url": "https://www.suse.com/security/cve/CVE-2022-48829"
},
{
"category": "external",
"summary": "SUSE Bug 1228055 for CVE-2022-48829",
"url": "https://bugzilla.suse.com/1228055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48829"
},
{
"cve": "CVE-2022-48830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: fix potential CAN frame reception race in isotp_rcv()\n\nWhen receiving a CAN frame the current code logic does not consider\nconcurrently receiving processes which do not show up in real world\nusage.\n\nZiyang Xuan writes:\n\nThe following syz problem is one of the scenarios. so-\u003erx.len is\nchanged by isotp_rcv_ff() during isotp_rcv_cf(), so-\u003erx.len equals\n0 before alloc_skb() and equals 4096 after alloc_skb(). That will\ntrigger skb_over_panic() in skb_put().\n\n=======================================================\nCPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.16.0-rc8-syzkaller #0\nRIP: 0010:skb_panic+0x16c/0x16e net/core/skbuff.c:113\nCall Trace:\n \u003cTASK\u003e\n skb_over_panic net/core/skbuff.c:118 [inline]\n skb_put.cold+0x24/0x24 net/core/skbuff.c:1990\n isotp_rcv_cf net/can/isotp.c:570 [inline]\n isotp_rcv+0xa38/0x1e30 net/can/isotp.c:668\n deliver net/can/af_can.c:574 [inline]\n can_rcv_filter+0x445/0x8d0 net/can/af_can.c:635\n can_receive+0x31d/0x580 net/can/af_can.c:665\n can_rcv+0x120/0x1c0 net/can/af_can.c:696\n __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5465\n __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5579\n\nTherefore we make sure the state changes and data structures stay\nconsistent at CAN frame reception time by adding a spin_lock in\nisotp_rcv(). This fixes the issue reported by syzkaller but does not\naffect real world operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48830",
"url": "https://www.suse.com/security/cve/CVE-2022-48830"
},
{
"category": "external",
"summary": "SUSE Bug 1227982 for CVE-2022-48830",
"url": "https://bugzilla.suse.com/1227982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48830"
},
{
"cve": "CVE-2022-48831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: fix reference leak in asymmetric_verify()\n\nDon\u0027t leak a reference to the key if its algorithm is unknown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48831",
"url": "https://www.suse.com/security/cve/CVE-2022-48831"
},
{
"category": "external",
"summary": "SUSE Bug 1227986 for CVE-2022-48831",
"url": "https://bugzilla.suse.com/1227986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48831"
},
{
"cve": "CVE-2022-48834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usbtmc: Fix bug in pipe direction for control transfers\n\nThe syzbot fuzzer reported a minor bug in the usbtmc driver:\n\nusb 5-1: BOGUS control dir, pipe 80001e80 doesn\u0027t match bRequestType 0\nWARNING: CPU: 0 PID: 3813 at drivers/usb/core/urb.c:412\nusb_submit_urb+0x13a5/0x1970 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 3813 Comm: syz-executor122 Not tainted\n5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0\n...\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x113/0x530 drivers/usb/core/message.c:58\n usb_internal_control_msg drivers/usb/core/message.c:102 [inline]\n usb_control_msg+0x2a5/0x4b0 drivers/usb/core/message.c:153\n usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1947 [inline]\n\nThe problem is that usbtmc_ioctl_request() uses usb_rcvctrlpipe() for\nall of its transfers, whether they are in or out. It\u0027s easy to fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48834",
"url": "https://www.suse.com/security/cve/CVE-2022-48834"
},
{
"category": "external",
"summary": "SUSE Bug 1228062 for CVE-2022-48834",
"url": "https://bugzilla.suse.com/1228062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48834"
},
{
"cve": "CVE-2022-48835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Page fault in reply q processing\n\nA page fault was encountered in mpt3sas on a LUN reset error path:\n\n[ 145.763216] mpt3sas_cm1: Task abort tm failed: handle(0x0002),timeout(30) tr_method(0x0) smid(3) msix_index(0)\n[ 145.778932] scsi 1:0:0:0: task abort: FAILED scmd(0x0000000024ba29a2)\n[ 145.817307] scsi 1:0:0:0: attempting device reset! scmd(0x0000000024ba29a2)\n[ 145.827253] scsi 1:0:0:0: [sg1] tag#2 CDB: Receive Diagnostic 1c 01 01 ff fc 00\n[ 145.837617] scsi target1:0:0: handle(0x0002), sas_address(0x500605b0000272b9), phy(0)\n[ 145.848598] scsi target1:0:0: enclosure logical id(0x500605b0000272b8), slot(0)\n[ 149.858378] mpt3sas_cm1: Poll ReplyDescriptor queues for completion of smid(0), task_type(0x05), handle(0x0002)\n[ 149.875202] BUG: unable to handle page fault for address: 00000007fffc445d\n[ 149.885617] #PF: supervisor read access in kernel mode\n[ 149.894346] #PF: error_code(0x0000) - not-present page\n[ 149.903123] PGD 0 P4D 0\n[ 149.909387] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 149.917417] CPU: 24 PID: 3512 Comm: scsi_eh_1 Kdump: loaded Tainted: G S O 5.10.89-altav-1 #1\n[ 149.934327] Hardware name: DDN 200NVX2 /200NVX2-MB , BIOS ATHG2.2.02.01 09/10/2021\n[ 149.951871] RIP: 0010:_base_process_reply_queue+0x4b/0x900 [mpt3sas]\n[ 149.961889] Code: 0f 84 22 02 00 00 8d 48 01 49 89 fd 48 8d 57 38 f0 0f b1 4f 38 0f 85 d8 01 00 00 49 8b 45 10 45 31 e4 41 8b 55 0c 48 8d 1c d0 \u003c0f\u003e b6 03 83 e0 0f 3c 0f 0f 85 a2 00 00 00 e9 e6 01 00 00 0f b7 ee\n[ 149.991952] RSP: 0018:ffffc9000f1ebcb8 EFLAGS: 00010246\n[ 150.000937] RAX: 0000000000000055 RBX: 00000007fffc445d RCX: 000000002548f071\n[ 150.011841] RDX: 00000000ffff8881 RSI: 0000000000000001 RDI: ffff888125ed50d8\n[ 150.022670] RBP: 0000000000000000 R08: 0000000000000000 R09: c0000000ffff7fff\n[ 150.033445] R10: ffffc9000f1ebb68 R11: ffffc9000f1ebb60 R12: 0000000000000000\n[ 150.044204] R13: ffff888125ed50d8 R14: 0000000000000080 R15: 34cdc00034cdea80\n[ 150.054963] FS: 0000000000000000(0000) GS:ffff88dfaf200000(0000) knlGS:0000000000000000\n[ 150.066715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 150.076078] CR2: 00000007fffc445d CR3: 000000012448a006 CR4: 0000000000770ee0\n[ 150.086887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 150.097670] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 150.108323] PKRU: 55555554\n[ 150.114690] Call Trace:\n[ 150.120497] ? printk+0x48/0x4a\n[ 150.127049] mpt3sas_scsih_issue_tm.cold.114+0x2e/0x2b3 [mpt3sas]\n[ 150.136453] mpt3sas_scsih_issue_locked_tm+0x86/0xb0 [mpt3sas]\n[ 150.145759] scsih_dev_reset+0xea/0x300 [mpt3sas]\n[ 150.153891] scsi_eh_ready_devs+0x541/0x9e0 [scsi_mod]\n[ 150.162206] ? __scsi_host_match+0x20/0x20 [scsi_mod]\n[ 150.170406] ? scsi_try_target_reset+0x90/0x90 [scsi_mod]\n[ 150.178925] ? blk_mq_tagset_busy_iter+0x45/0x60\n[ 150.186638] ? scsi_try_target_reset+0x90/0x90 [scsi_mod]\n[ 150.195087] scsi_error_handler+0x3a5/0x4a0 [scsi_mod]\n[ 150.203206] ? __schedule+0x1e9/0x610\n[ 150.209783] ? scsi_eh_get_sense+0x210/0x210 [scsi_mod]\n[ 150.217924] kthread+0x12e/0x150\n[ 150.224041] ? kthread_worker_fn+0x130/0x130\n[ 150.231206] ret_from_fork+0x1f/0x30\n\nThis is caused by mpt3sas_base_sync_reply_irqs() using an invalid reply_q\npointer outside of the list_for_each_entry() loop. At the end of the full\nlist traversal the pointer is invalid.\n\nMove the _base_process_reply_queue() call inside of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48835",
"url": "https://www.suse.com/security/cve/CVE-2022-48835"
},
{
"category": "external",
"summary": "SUSE Bug 1228060 for CVE-2022-48835",
"url": "https://bugzilla.suse.com/1228060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48835"
},
{
"cve": "CVE-2022-48836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: aiptek - properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. There was a check for the number of endpoints, but not\nfor the type of endpoint.\n\nFix it by replacing old desc.bNumEndpoints check with\nusb_find_common_endpoints() helper for finding endpoints\n\nFail log:\n\nusb 5-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nWorkqueue: usb_hub_wq hub_event\n...\nCall Trace:\n \u003cTASK\u003e\n aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830\n input_open_device+0x1bb/0x320 drivers/input/input.c:629\n kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48836",
"url": "https://www.suse.com/security/cve/CVE-2022-48836"
},
{
"category": "external",
"summary": "SUSE Bug 1227989 for CVE-2022-48836",
"url": "https://bugzilla.suse.com/1227989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48836"
},
{
"cve": "CVE-2022-48837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: rndis: prevent integer overflow in rndis_set_response()\n\nIf \"BufOffset\" is very large the \"BufOffset + 8\" operation can have an\ninteger overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48837",
"url": "https://www.suse.com/security/cve/CVE-2022-48837"
},
{
"category": "external",
"summary": "SUSE Bug 1227987 for CVE-2022-48837",
"url": "https://bugzilla.suse.com/1227987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48837"
},
{
"cve": "CVE-2022-48838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: Fix use-after-free bug by not setting udc-\u003edev.driver\n\nThe syzbot fuzzer found a use-after-free bug:\n\nBUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320\nRead of size 8 at addr ffff88802b934098 by task udevd/3689\n\nCPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n dev_uevent+0x712/0x780 drivers/base/core.c:2320\n uevent_show+0x1b8/0x380 drivers/base/core.c:2391\n dev_attr_show+0x4b/0x90 drivers/base/core.c:2094\n\nAlthough the bug manifested in the driver core, the real cause was a\nrace with the gadget core. dev_uevent() does:\n\n\tif (dev-\u003edriver)\n\t\tadd_uevent_var(env, \"DRIVER=%s\", dev-\u003edriver-\u003ename);\n\nand between the test and the dereference of dev-\u003edriver, the gadget\ncore sets dev-\u003edriver to NULL.\n\nThe race wouldn\u0027t occur if the gadget core registered its devices on\na real bus, using the standard synchronization techniques of the\ndriver core. However, it\u0027s not necessary to make such a large change\nin order to fix this bug; all we need to do is make sure that\nudc-\u003edev.driver is always NULL.\n\nIn fact, there is no reason for udc-\u003edev.driver ever to be set to\nanything, let alone to the value it currently gets: the address of the\ngadget\u0027s driver. After all, a gadget driver only knows how to manage\na gadget, not how to manage a UDC.\n\nThis patch simply removes the statements in the gadget core that touch\nudc-\u003edev.driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48838",
"url": "https://www.suse.com/security/cve/CVE-2022-48838"
},
{
"category": "external",
"summary": "SUSE Bug 1227988 for CVE-2022-48838",
"url": "https://bugzilla.suse.com/1227988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48838"
},
{
"cve": "CVE-2022-48839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix slab-out-of-bounds access in packet_recvmsg()\n\nsyzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH\nand mmap operations, tpacket_rcv() is queueing skbs with\ngarbage in skb-\u003ecb[], triggering a too big copy [1]\n\nPresumably, users of af_packet using mmap() already gets correct\nmetadata from the mapped buffer, we can simply make sure\nto clear 12 bytes that might be copied to user space later.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]\nBUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\nWrite of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631\n\nCPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189\n memcpy+0x39/0x60 mm/kasan/shadow.c:66\n memcpy include/linux/fortify-string.h:225 [inline]\n packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632\n ___sys_recvmsg+0x127/0x200 net/socket.c:2674\n __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fdfd5954c29\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29\nRDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60\nR13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54\n \u003c/TASK\u003e\n\naddr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:\n ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246\n\nthis frame has 1 object:\n [32, 160) \u0027addr\u0027\n\nMemory state around the buggy address:\n ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00\n ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00\n\u003effffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3\n ^\n ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1\n ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48839",
"url": "https://www.suse.com/security/cve/CVE-2022-48839"
},
{
"category": "external",
"summary": "SUSE Bug 1227985 for CVE-2022-48839",
"url": "https://bugzilla.suse.com/1227985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48839"
},
{
"cve": "CVE-2022-48840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix hang during reboot/shutdown\n\nRecent commit 974578017fc1 (\"iavf: Add waiting so the port is\ninitialized in remove\") adds a wait-loop at the beginning of\niavf_remove() to ensure that port initialization is finished\nprior unregistering net device. This causes a regression\nin reboot/shutdown scenario because in this case callback\niavf_shutdown() is called and this callback detaches the device,\nmakes it down if it is running and sets its state to __IAVF_REMOVE.\nLater shutdown callback of associated PF driver (e.g. ice_shutdown)\nis called. That callback calls among other things sriov_disable()\nthat calls indirectly iavf_remove() (see stack trace below).\nAs the adapter state is already __IAVF_REMOVE then the mentioned\nloop is end-less and shutdown process hangs.\n\nThe patch fixes this by checking adapter\u0027s state at the beginning\nof iavf_remove() and skips the rest of the function if the adapter\nis already in remove state (shutdown is in progress).\n\nReproducer:\n1. Create VF on PF driven by ice or i40e driver\n2. Ensure that the VF is bound to iavf driver\n3. Reboot\n\n[52625.981294] sysrq: SysRq : Show Blocked State\n[52625.988377] task:reboot state:D stack: 0 pid:17359 ppid: 1 f2\n[52625.996732] Call Trace:\n[52625.999187] __schedule+0x2d1/0x830\n[52626.007400] schedule+0x35/0xa0\n[52626.010545] schedule_hrtimeout_range_clock+0x83/0x100\n[52626.020046] usleep_range+0x5b/0x80\n[52626.023540] iavf_remove+0x63/0x5b0 [iavf]\n[52626.027645] pci_device_remove+0x3b/0xc0\n[52626.031572] device_release_driver_internal+0x103/0x1f0\n[52626.036805] pci_stop_bus_device+0x72/0xa0\n[52626.040904] pci_stop_and_remove_bus_device+0xe/0x20\n[52626.045870] pci_iov_remove_virtfn+0xba/0x120\n[52626.050232] sriov_disable+0x2f/0xe0\n[52626.053813] ice_free_vfs+0x7c/0x340 [ice]\n[52626.057946] ice_remove+0x220/0x240 [ice]\n[52626.061967] ice_shutdown+0x16/0x50 [ice]\n[52626.065987] pci_device_shutdown+0x34/0x60\n[52626.070086] device_shutdown+0x165/0x1c5\n[52626.074011] kernel_restart+0xe/0x30\n[52626.077593] __do_sys_reboot+0x1d2/0x210\n[52626.093815] do_syscall_64+0x5b/0x1a0\n[52626.097483] entry_SYSCALL_64_after_hwframe+0x65/0xca",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48840",
"url": "https://www.suse.com/security/cve/CVE-2022-48840"
},
{
"category": "external",
"summary": "SUSE Bug 1227990 for CVE-2022-48840",
"url": "https://bugzilla.suse.com/1227990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48840"
},
{
"cve": "CVE-2022-48841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()\n\nIt is possible to do NULL pointer dereference in routine that updates\nTx ring stats. Currently only stats and bytes are updated when ring\npointer is valid, but later on ring is accessed to propagate gathered Tx\nstats onto VSI stats.\n\nChange the existing logic to move to next ring when ring is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48841",
"url": "https://www.suse.com/security/cve/CVE-2022-48841"
},
{
"category": "external",
"summary": "SUSE Bug 1227991 for CVE-2022-48841",
"url": "https://bugzilla.suse.com/1227991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48841"
},
{
"cve": "CVE-2022-48842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix race condition during interface enslave\n\nCommit 5dbbbd01cbba83 (\"ice: Avoid RTNL lock when re-creating\nauxiliary device\") changes a process of re-creation of aux device\nso ice_plug_aux_dev() is called from ice_service_task() context.\nThis unfortunately opens a race window that can result in dead-lock\nwhen interface has left LAG and immediately enters LAG again.\n\nReproducer:\n```\n#!/bin/sh\n\nip link add lag0 type bond mode 1 miimon 100\nip link set lag0\n\nfor n in {1..10}; do\n echo Cycle: $n\n ip link set ens7f0 master lag0\n sleep 1\n ip link set ens7f0 nomaster\ndone\n```\n\nThis results in:\n[20976.208697] Workqueue: ice ice_service_task [ice]\n[20976.213422] Call Trace:\n[20976.215871] __schedule+0x2d1/0x830\n[20976.219364] schedule+0x35/0xa0\n[20976.222510] schedule_preempt_disabled+0xa/0x10\n[20976.227043] __mutex_lock.isra.7+0x310/0x420\n[20976.235071] enum_all_gids_of_dev_cb+0x1c/0x100 [ib_core]\n[20976.251215] ib_enum_roce_netdev+0xa4/0xe0 [ib_core]\n[20976.256192] ib_cache_setup_one+0x33/0xa0 [ib_core]\n[20976.261079] ib_register_device+0x40d/0x580 [ib_core]\n[20976.266139] irdma_ib_register_device+0x129/0x250 [irdma]\n[20976.281409] irdma_probe+0x2c1/0x360 [irdma]\n[20976.285691] auxiliary_bus_probe+0x45/0x70\n[20976.289790] really_probe+0x1f2/0x480\n[20976.298509] driver_probe_device+0x49/0xc0\n[20976.302609] bus_for_each_drv+0x79/0xc0\n[20976.306448] __device_attach+0xdc/0x160\n[20976.310286] bus_probe_device+0x9d/0xb0\n[20976.314128] device_add+0x43c/0x890\n[20976.321287] __auxiliary_device_add+0x43/0x60\n[20976.325644] ice_plug_aux_dev+0xb2/0x100 [ice]\n[20976.330109] ice_service_task+0xd0c/0xed0 [ice]\n[20976.342591] process_one_work+0x1a7/0x360\n[20976.350536] worker_thread+0x30/0x390\n[20976.358128] kthread+0x10a/0x120\n[20976.365547] ret_from_fork+0x1f/0x40\n...\n[20976.438030] task:ip state:D stack: 0 pid:213658 ppid:213627 flags:0x00004084\n[20976.446469] Call Trace:\n[20976.448921] __schedule+0x2d1/0x830\n[20976.452414] schedule+0x35/0xa0\n[20976.455559] schedule_preempt_disabled+0xa/0x10\n[20976.460090] __mutex_lock.isra.7+0x310/0x420\n[20976.464364] device_del+0x36/0x3c0\n[20976.467772] ice_unplug_aux_dev+0x1a/0x40 [ice]\n[20976.472313] ice_lag_event_handler+0x2a2/0x520 [ice]\n[20976.477288] notifier_call_chain+0x47/0x70\n[20976.481386] __netdev_upper_dev_link+0x18b/0x280\n[20976.489845] bond_enslave+0xe05/0x1790 [bonding]\n[20976.494475] do_setlink+0x336/0xf50\n[20976.502517] __rtnl_newlink+0x529/0x8b0\n[20976.543441] rtnl_newlink+0x43/0x60\n[20976.546934] rtnetlink_rcv_msg+0x2b1/0x360\n[20976.559238] netlink_rcv_skb+0x4c/0x120\n[20976.563079] netlink_unicast+0x196/0x230\n[20976.567005] netlink_sendmsg+0x204/0x3d0\n[20976.570930] sock_sendmsg+0x4c/0x50\n[20976.574423] ____sys_sendmsg+0x1eb/0x250\n[20976.586807] ___sys_sendmsg+0x7c/0xc0\n[20976.606353] __sys_sendmsg+0x57/0xa0\n[20976.609930] do_syscall_64+0x5b/0x1a0\n[20976.613598] entry_SYSCALL_64_after_hwframe+0x65/0xca\n\n1. Command \u0027ip link ... set nomaster\u0027 causes that ice_plug_aux_dev()\n is called from ice_service_task() context, aux device is created\n and associated device-\u003elock is taken.\n2. Command \u0027ip link ... set master...\u0027 calls ice\u0027s notifier under\n RTNL lock and that notifier calls ice_unplug_aux_dev(). That\n function tries to take aux device-\u003elock but this is already taken\n by ice_plug_aux_dev() in step 1\n3. Later ice_plug_aux_dev() tries to take RTNL lock but this is already\n taken in step 2\n4. Dead-lock\n\nThe patch fixes this issue by following changes:\n- Bit ICE_FLAG_PLUG_AUX_DEV is kept to be set during ice_plug_aux_dev()\n call in ice_service_task()\n- The bit is checked in ice_clear_rdma_cap() and only if it is not set\n then ice_unplug_aux_dev() is called. If it is set (in other words\n plugging of aux device was requested and ice_plug_aux_dev() is\n potentially running) then the function only clears the\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48842",
"url": "https://www.suse.com/security/cve/CVE-2022-48842"
},
{
"category": "external",
"summary": "SUSE Bug 1228064 for CVE-2022-48842",
"url": "https://bugzilla.suse.com/1228064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48842"
},
{
"cve": "CVE-2022-48843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vrr: Set VRR capable prop only if it is attached to connector\n\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48843",
"url": "https://www.suse.com/security/cve/CVE-2022-48843"
},
{
"category": "external",
"summary": "SUSE Bug 1228066 for CVE-2022-48843",
"url": "https://bugzilla.suse.com/1228066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48843"
},
{
"cve": "CVE-2022-48847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Fix filter limit check\n\nIn watch_queue_set_filter(), there are a couple of places where we check\nthat the filter type value does not exceed what the type_filter bitmap\ncan hold. One place calculates the number of bits by:\n\n if (tf[i].type \u003e= sizeof(wfilter-\u003etype_filter) * 8)\n\nwhich is fine, but the second does:\n\n if (tf[i].type \u003e= sizeof(wfilter-\u003etype_filter) * BITS_PER_LONG)\n\nwhich is not. This can lead to a couple of out-of-bounds writes due to\na too-large type:\n\n (1) __set_bit() on wfilter-\u003etype_filter\n (2) Writing more elements in wfilter-\u003efilters[] than we allocated.\n\nFix this by just using the proper WATCH_TYPE__NR instead, which is the\nnumber of types we actually know about.\n\nThe bug may cause an oops looking something like:\n\n BUG: KASAN: slab-out-of-bounds in watch_queue_set_filter+0x659/0x740\n Write of size 4 at addr ffff88800d2c66bc by task watch_queue_oob/611\n ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x45/0x59\n print_address_description.constprop.0+0x1f/0x150\n ...\n kasan_report.cold+0x7f/0x11b\n ...\n watch_queue_set_filter+0x659/0x740\n ...\n __x64_sys_ioctl+0x127/0x190\n do_syscall_64+0x43/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n Allocated by task 611:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n watch_queue_set_filter+0x23a/0x740\n __x64_sys_ioctl+0x127/0x190\n do_syscall_64+0x43/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n The buggy address belongs to the object at ffff88800d2c66a0\n which belongs to the cache kmalloc-32 of size 32\n The buggy address is located 28 bytes inside of\n 32-byte region [ffff88800d2c66a0, ffff88800d2c66c0)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48847",
"url": "https://www.suse.com/security/cve/CVE-2022-48847"
},
{
"category": "external",
"summary": "SUSE Bug 1227993 for CVE-2022-48847",
"url": "https://bugzilla.suse.com/1227993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48847"
},
{
"cve": "CVE-2022-48849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bypass tiling flag check in virtual display case (v2)\n\nvkms leverages common amdgpu framebuffer creation, and\nalso as it does not support FB modifier, there is no need\nto check tiling flags when initing framebuffer when virtual\ndisplay is enabled.\n\nThis can fix below calltrace:\n\namdgpu 0000:00:08.0: GFX9+ requires FB check based on format modifier\nWARNING: CPU: 0 PID: 1023 at drivers/gpu/drm/amd/amdgpu/amdgpu_display.c:1150 amdgpu_display_framebuffer_init+0x8e7/0xb40 [amdgpu]\n\nv2: check adev-\u003eenable_virtual_display instead as vkms can be\n\tenabled in bare metal as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48849",
"url": "https://www.suse.com/security/cve/CVE-2022-48849"
},
{
"category": "external",
"summary": "SUSE Bug 1228061 for CVE-2022-48849",
"url": "https://bugzilla.suse.com/1228061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48849"
},
{
"cve": "CVE-2022-48851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gdm724x: fix use after free in gdm_lte_rx()\n\nThe netif_rx_ni() function frees the skb so we can\u0027t dereference it to\nsave the skb-\u003elen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48851",
"url": "https://www.suse.com/security/cve/CVE-2022-48851"
},
{
"category": "external",
"summary": "SUSE Bug 1227997 for CVE-2022-48851",
"url": "https://bugzilla.suse.com/1227997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48851"
},
{
"cve": "CVE-2022-48853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: fix info leak with DMA_FROM_DEVICE\n\nThe problem I\u0027m addressing was discovered by the LTP test covering\ncve-2018-1000204.\n\nA short description of what happens follows:\n1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO\n interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV\n and a corresponding dxferp. The peculiar thing about this is that TUR\n is not reading from the device.\n2) In sg_start_req() the invocation of blk_rq_map_user() effectively\n bounces the user-space buffer. As if the device was to transfer into\n it. Since commit a45b599ad808 (\"scsi: sg: allocate with __GFP_ZERO in\n sg_build_indirect()\") we make sure this first bounce buffer is\n allocated with GFP_ZERO.\n3) For the rest of the story we keep ignoring that we have a TUR, so the\n device won\u0027t touch the buffer we prepare as if the we had a\n DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device\n and the buffer allocated by SG is mapped by the function\n virtqueue_add_split() which uses DMA_FROM_DEVICE for the \"in\" sgs (here\n scatter-gather and not scsi generics). This mapping involves bouncing\n via the swiotlb (we need swiotlb to do virtio in protected guest like\n s390 Secure Execution, or AMD SEV).\n4) When the SCSI TUR is done, we first copy back the content of the second\n (that is swiotlb) bounce buffer (which most likely contains some\n previous IO data), to the first bounce buffer, which contains all\n zeros. Then we copy back the content of the first bounce buffer to\n the user-space buffer.\n5) The test case detects that the buffer, which it zero-initialized,\n ain\u0027t all zeros and fails.\n\nOne can argue that this is an swiotlb problem, because without swiotlb\nwe leak all zeros, and the swiotlb should be transparent in a sense that\nit does not affect the outcome (if all other participants are well\nbehaved).\n\nCopying the content of the original buffer into the swiotlb buffer is\nthe only way I can think of to make swiotlb transparent in such\nscenarios. So let\u0027s do just that if in doubt, but allow the driver\nto tell us that the whole mapped buffer is going to be overwritten,\nin which case we can preserve the old behavior and avoid the performance\nimpact of the extra bounce.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48853",
"url": "https://www.suse.com/security/cve/CVE-2022-48853"
},
{
"category": "external",
"summary": "SUSE Bug 1228015 for CVE-2022-48853",
"url": "https://bugzilla.suse.com/1228015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48853"
},
{
"cve": "CVE-2022-48856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngianfar: ethtool: Fix refcount leak in gfar_get_ts_info\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, We should use of_node_put() on it when done\nAdd the missing of_node_put() to release the refcount.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48856",
"url": "https://www.suse.com/security/cve/CVE-2022-48856"
},
{
"category": "external",
"summary": "SUSE Bug 1228004 for CVE-2022-48856",
"url": "https://bugzilla.suse.com/1228004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48856"
},
{
"cve": "CVE-2022-48857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: port100: fix use-after-free in port100_send_complete\n\nSyzbot reported UAF in port100_send_complete(). The root case is in\nmissing usb_kill_urb() calls on error handling path of -\u003eprobe function.\n\nport100_send_complete() accesses devm allocated memory which will be\nfreed on probe failure. We should kill this urbs before returning an\nerror from probe function to prevent reported use-after-free\n\nFail log:\n\nBUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\nRead of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26\n...\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\n __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670\n\n...\n\nAllocated by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:45 [inline]\n set_alloc_info mm/kasan/common.c:436 [inline]\n ____kasan_kmalloc mm/kasan/common.c:515 [inline]\n ____kasan_kmalloc mm/kasan/common.c:474 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524\n alloc_dr drivers/base/devres.c:116 [inline]\n devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823\n devm_kzalloc include/linux/device.h:209 [inline]\n port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502\n\nFreed by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track+0x21/0x30 mm/kasan/common.c:45\n kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n ____kasan_slab_free mm/kasan/common.c:366 [inline]\n ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328\n kasan_slab_free include/linux/kasan.h:236 [inline]\n __cache_free mm/slab.c:3437 [inline]\n kfree+0xf8/0x2b0 mm/slab.c:3794\n release_nodes+0x112/0x1a0 drivers/base/devres.c:501\n devres_release_all+0x114/0x190 drivers/base/devres.c:530\n really_probe+0x626/0xcc0 drivers/base/dd.c:670",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48857",
"url": "https://www.suse.com/security/cve/CVE-2022-48857"
},
{
"category": "external",
"summary": "SUSE Bug 1228005 for CVE-2022-48857",
"url": "https://bugzilla.suse.com/1228005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48857"
},
{
"cve": "CVE-2022-48858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix a race on command flush flow\n\nFix a refcount use after free warning due to a race on command entry.\nSuch race occurs when one of the commands releases its last refcount and\nfrees its index and entry while another process running command flush\nflow takes refcount to this command entry. The process which handles\ncommands flush may see this command as needed to be flushed if the other\nprocess released its refcount but didn\u0027t release the index yet. Fix it\nby adding the needed spin lock.\n\nIt fixes the following warning trace:\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 11 PID: 540311 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0\n...\nRIP: 0010:refcount_warn_saturate+0x80/0xe0\n...\nCall Trace:\n \u003cTASK\u003e\n mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core]\n mlx5_cmd_flush+0x3a/0xf0 [mlx5_core]\n enter_error_state+0x44/0x80 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core]\n process_one_work+0x1be/0x390\n worker_thread+0x4d/0x3d0\n ? rescuer_thread+0x350/0x350\n kthread+0x141/0x160\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48858",
"url": "https://www.suse.com/security/cve/CVE-2022-48858"
},
{
"category": "external",
"summary": "SUSE Bug 1228006 for CVE-2022-48858",
"url": "https://bugzilla.suse.com/1228006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48858"
},
{
"cve": "CVE-2022-48859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48859",
"url": "https://www.suse.com/security/cve/CVE-2022-48859"
},
{
"category": "external",
"summary": "SUSE Bug 1228007 for CVE-2022-48859",
"url": "https://bugzilla.suse.com/1228007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48859"
},
{
"cve": "CVE-2022-48860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: Fix error handling in xemaclite_of_probe\n\nThis node pointer is returned by of_parse_phandle() with refcount\nincremented in this function. Calling of_node_put() to avoid the\nrefcount leak. As the remove function do.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48860",
"url": "https://www.suse.com/security/cve/CVE-2022-48860"
},
{
"category": "external",
"summary": "SUSE Bug 1228008 for CVE-2022-48860",
"url": "https://bugzilla.suse.com/1228008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48860"
},
{
"cve": "CVE-2022-48861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: fix use-after-free on vp_vdpa_remove\n\nWhen vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_device\nand then vp_vdpa-\u003emdev.pci_dev is dereferenced in vp_modern_remove,\ntriggering use-after-free.\n\nCall Trace of unbinding driver free vp_vdpa :\ndo_syscall_64\n vfs_write\n kernfs_fop_write_iter\n device_release_driver_internal\n pci_device_remove\n vp_vdpa_remove\n vdpa_unregister_device\n kobject_release\n device_release\n kfree\n\nCall Trace of dereference vp_vdpa-\u003emdev.pci_dev:\nvp_modern_remove\n pci_release_selected_regions\n pci_release_region\n pci_resource_len\n pci_resource_end\n (dev)-\u003eresource[(bar)].end",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48861",
"url": "https://www.suse.com/security/cve/CVE-2022-48861"
},
{
"category": "external",
"summary": "SUSE Bug 1228009 for CVE-2022-48861",
"url": "https://bugzilla.suse.com/1228009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48861"
},
{
"cve": "CVE-2022-48862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: fix hung thread due to erroneous iotlb entries\n\nIn vhost_iotlb_add_range_ctx(), range size can overflow to 0 when\nstart is 0 and last is ULONG_MAX. One instance where it can happen\nis when userspace sends an IOTLB message with iova=size=uaddr=0\n(vhost_process_iotlb_msg). So, an entry with size = 0, start = 0,\nlast = ULONG_MAX ends up in the iotlb. Next time a packet is sent,\niotlb_access_ok() loops indefinitely due to that erroneous entry.\n\n\tCall Trace:\n\t \u003cTASK\u003e\n\t iotlb_access_ok+0x21b/0x3e0 drivers/vhost/vhost.c:1340\n\t vq_meta_prefetch+0xbc/0x280 drivers/vhost/vhost.c:1366\n\t vhost_transport_do_send_pkt+0xe0/0xfd0 drivers/vhost/vsock.c:104\n\t vhost_worker+0x23d/0x3d0 drivers/vhost/vhost.c:372\n\t kthread+0x2e9/0x3a0 kernel/kthread.c:377\n\t ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n\t \u003c/TASK\u003e\n\nReported by syzbot at:\n\thttps://syzkaller.appspot.com/bug?extid=0abd373e2e50d704db87\n\nTo fix this, do two things:\n\n1. Return -EINVAL in vhost_chr_write_iter() when userspace asks to map\n a range with size 0.\n2. Fix vhost_iotlb_add_range_ctx() to handle the range [0, ULONG_MAX]\n by splitting it into two entries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48862",
"url": "https://www.suse.com/security/cve/CVE-2022-48862"
},
{
"category": "external",
"summary": "SUSE Bug 1228010 for CVE-2022-48862",
"url": "https://bugzilla.suse.com/1228010"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48862"
},
{
"cve": "CVE-2022-48863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix memory leak in dsp_pipeline_build()\n\ndsp_pipeline_build() allocates dup pointer by kstrdup(cfg),\nbut then it updates dup variable by strsep(\u0026dup, \"|\").\nAs a result when it calls kfree(dup), the dup variable contains NULL.\n\nFound by Linux Driver Verification project (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48863",
"url": "https://www.suse.com/security/cve/CVE-2022-48863"
},
{
"category": "external",
"summary": "SUSE Bug 1228063 for CVE-2022-48863",
"url": "https://bugzilla.suse.com/1228063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-48863"
},
{
"cve": "CVE-2022-48866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts\n\nSyzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug.\nThe root case is in missing validation check of actual number of endpoints.\n\nCode should not blindly access usb_host_interface::endpoint array, since\nit may contain less endpoints than code expects.\n\nFix it by adding missing validaion check and print an error if\nnumber of endpoints do not match expected number",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48866",
"url": "https://www.suse.com/security/cve/CVE-2022-48866"
},
{
"category": "external",
"summary": "SUSE Bug 1228014 for CVE-2022-48866",
"url": "https://bugzilla.suse.com/1228014"
},
{
"category": "external",
"summary": "SUSE Bug 1228785 for CVE-2022-48866",
"url": "https://bugzilla.suse.com/1228785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2022-48866"
},
{
"cve": "CVE-2023-52762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: fix implicit overflow on virtio_max_dma_size\n\nThe following codes have an implicit conversion from size_t to u32:\n(u32)max_size = (size_t)virtio_max_dma_size(vdev);\n\nThis may lead overflow, Ex (size_t)4G -\u003e (u32)0. Once\nvirtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX\ninstead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52762",
"url": "https://www.suse.com/security/cve/CVE-2023-52762"
},
{
"category": "external",
"summary": "SUSE Bug 1225573 for CVE-2023-52762",
"url": "https://bugzilla.suse.com/1225573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2023-52762"
},
{
"cve": "CVE-2023-52766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings-\u003eheaders[i] access when i \u003e= number of allocated\nring headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52766",
"url": "https://www.suse.com/security/cve/CVE-2023-52766"
},
{
"category": "external",
"summary": "SUSE Bug 1230620 for CVE-2023-52766",
"url": "https://bugzilla.suse.com/1230620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2023-52766"
},
{
"cve": "CVE-2023-52800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix htt pktlog locking\n\nThe ath11k active pdevs are protected by RCU but the htt pktlog handling\ncode calling ath11k_mac_get_ar_by_pdev_id() was not marked as a\nread-side critical section.\n\nMark the code in question as an RCU read-side critical section to avoid\nany potential use-after-free issues.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52800",
"url": "https://www.suse.com/security/cve/CVE-2023-52800"
},
{
"category": "external",
"summary": "SUSE Bug 1230600 for CVE-2023-52800",
"url": "https://bugzilla.suse.com/1230600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2023-52800"
},
{
"cve": "CVE-2023-52885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n Read of size 8 at addr ffff888139d96228 by task nc/102553\n CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x33/0x50\n print_address_description.constprop.0+0x27/0x310\n print_report+0x3e/0x70\n kasan_report+0xae/0xe0\n svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n tcp_data_queue+0x9f4/0x20e0\n tcp_rcv_established+0x666/0x1f60\n tcp_v4_do_rcv+0x51c/0x850\n tcp_v4_rcv+0x23fc/0x2e80\n ip_protocol_deliver_rcu+0x62/0x300\n ip_local_deliver_finish+0x267/0x350\n ip_local_deliver+0x18b/0x2d0\n ip_rcv+0x2fb/0x370\n __netif_receive_skb_one_core+0x166/0x1b0\n process_backlog+0x24c/0x5e0\n __napi_poll+0xa2/0x500\n net_rx_action+0x854/0xc90\n __do_softirq+0x1bb/0x5de\n do_softirq+0xcb/0x100\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n ...\n \u003c/TASK\u003e\n\n Allocated by task 102371:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x7b/0x90\n svc_setup_socket+0x52/0x4f0 [sunrpc]\n svc_addsock+0x20d/0x400 [sunrpc]\n __write_ports_addfd+0x209/0x390 [nfsd]\n write_ports+0x239/0x2c0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n Freed by task 102551:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x50\n __kasan_slab_free+0x106/0x190\n __kmem_cache_free+0x133/0x270\n svc_xprt_free+0x1e2/0x350 [sunrpc]\n svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n nfsd_put+0x125/0x240 [nfsd]\n nfsd_svc+0x2cb/0x3c0 [nfsd]\n write_threads+0x1ac/0x2a0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52885",
"url": "https://www.suse.com/security/cve/CVE-2023-52885"
},
{
"category": "external",
"summary": "SUSE Bug 1227750 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "external",
"summary": "SUSE Bug 1227753 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2023-52885"
},
{
"cve": "CVE-2023-52886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix race by not overwriting udev-\u003edescriptor in hub_port_init()\n\nSyzbot reported an out-of-bounds read in sysfs.c:read_descriptors():\n\nBUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883\nRead of size 8 at addr ffff88801e78b8c8 by task udevd/5011\n\nCPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883\n...\nAllocated by task 758:\n...\n __do_kmalloc_node mm/slab_common.c:966 [inline]\n __kmalloc+0x5e/0x190 mm/slab_common.c:979\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:680 [inline]\n usb_get_configuration+0x1f7/0x5170 drivers/usb/core/config.c:887\n usb_enumerate_device drivers/usb/core/hub.c:2407 [inline]\n usb_new_device+0x12b0/0x19d0 drivers/usb/core/hub.c:2545\n\nAs analyzed by Khazhy Kumykov, the cause of this bug is a race between\nread_descriptors() and hub_port_init(): The first routine uses a field\nin udev-\u003edescriptor, not expecting it to change, while the second\noverwrites it.\n\nPrior to commit 45bf39f8df7f (\"USB: core: Don\u0027t hold device lock while\nreading the \"descriptors\" sysfs file\") this race couldn\u0027t occur,\nbecause the routines were mutually exclusive thanks to the device\nlocking. Removing that locking from read_descriptors() exposed it to\nthe race.\n\nThe best way to fix the bug is to keep hub_port_init() from changing\nudev-\u003edescriptor once udev has been initialized and registered.\nDrivers expect the descriptors stored in the kernel to be immutable;\nwe should not undermine this expectation. In fact, this change should\nhave been made long ago.\n\nSo now hub_port_init() will take an additional argument, specifying a\nbuffer in which to store the device descriptor it reads. (If udev has\nnot yet been initialized, the buffer pointer will be NULL and then\nhub_port_init() will store the device descriptor in udev as before.)\nThis eliminates the data race responsible for the out-of-bounds read.\n\nThe changes to hub_port_init() appear more extensive than they really\nare, because of indentation changes resulting from an attempt to avoid\nwriting to other parts of the usb_device structure after it has been\ninitialized. Similar changes should be made to the code that reads\nthe BOS descriptor, but that can be handled in a separate patch later\non. This patch is sufficient to fix the bug found by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52886",
"url": "https://www.suse.com/security/cve/CVE-2023-52886"
},
{
"category": "external",
"summary": "SUSE Bug 1227981 for CVE-2023-52886",
"url": "https://bugzilla.suse.com/1227981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2023-52886"
},
{
"cve": "CVE-2024-26583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon\u0027t futz with reiniting the completion, either, we are now\ntightly controlling when completion fires.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26583",
"url": "https://www.suse.com/security/cve/CVE-2024-26583"
},
{
"category": "external",
"summary": "SUSE Bug 1220185 for CVE-2024-26583",
"url": "https://bugzilla.suse.com/1220185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-26583"
},
{
"cve": "CVE-2024-26584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26584",
"url": "https://www.suse.com/security/cve/CVE-2024-26584"
},
{
"category": "external",
"summary": "SUSE Bug 1220186 for CVE-2024-26584",
"url": "https://bugzilla.suse.com/1220186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-26584"
},
{
"cve": "CVE-2024-26800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix use-after-free on failed backlog decryption\n\nWhen the decrypt request goes to the backlog and crypto_aead_decrypt\nreturns -EBUSY, tls_do_decryption will wait until all async\ndecryptions have completed. If one of them fails, tls_do_decryption\nwill return -EBADMSG and tls_decrypt_sg jumps to the error path,\nreleasing all the pages. But the pages have been passed to the async\ncallback, and have already been released by tls_decrypt_done.\n\nThe only true async case is when crypto_aead_decrypt returns\n -EINPROGRESS. With -EBUSY, we already waited so we can tell\ntls_sw_recvmsg that the data is available for immediate copy, but we\nneed to notify tls_decrypt_sg (via the new -\u003easync_done flag) that the\nmemory has already been released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26800",
"url": "https://www.suse.com/security/cve/CVE-2024-26800"
},
{
"category": "external",
"summary": "SUSE Bug 1222728 for CVE-2024-26800",
"url": "https://bugzilla.suse.com/1222728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-26800"
},
{
"cve": "CVE-2024-26813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: Create persistent IRQ handlers\n\nThe vfio-platform SET_IRQS ioctl currently allows loopback triggering of\nan interrupt before a signaling eventfd has been configured by the user,\nwhich thereby allows a NULL pointer dereference.\n\nRather than register the IRQ relative to a valid trigger, register all\nIRQs in a disabled state in the device open path. This allows mask\noperations on the IRQ to nest within the overall enable state governed\nby a valid eventfd signal. This decouples @masked, protected by the\n@locked spinlock from @trigger, protected via the @igate mutex.\n\nIn doing so, it\u0027s guaranteed that changes to @trigger cannot race the\nIRQ handlers because the IRQ handler is synchronously disabled before\nmodifying the trigger, and loopback triggering of the IRQ via ioctl is\nsafe due to serialization with trigger changes via igate.\n\nFor compatibility, request_irq() failures are maintained to be local to\nthe SET_IRQS ioctl rather than a fatal error in the open device path.\nThis allows, for example, a userspace driver with polling mode support\nto continue to work regardless of moving the request_irq() call site.\nThis necessarily blocks all SET_IRQS access to the failed index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26813",
"url": "https://www.suse.com/security/cve/CVE-2024-26813"
},
{
"category": "external",
"summary": "SUSE Bug 1222809 for CVE-2024-26813",
"url": "https://bugzilla.suse.com/1222809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-26813"
},
{
"cve": "CVE-2024-26814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/fsl-mc: Block calling interrupt handler without trigger\n\nThe eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is\ninitially NULL and may become NULL if the user sets the trigger\neventfd to -1. The interrupt handler itself is guaranteed that\ntrigger is always valid between request_irq() and free_irq(), but\nthe loopback testing mechanisms to invoke the handler function\nneed to test the trigger. The triggering and setting ioctl paths\nboth make use of igate and are therefore mutually exclusive.\n\nThe vfio-fsl-mc driver does not make use of irqfds, nor does it\nsupport any sort of masking operations, therefore unlike vfio-pci\nand vfio-platform, the flow can remain essentially unchanged.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26814",
"url": "https://www.suse.com/security/cve/CVE-2024-26814"
},
{
"category": "external",
"summary": "SUSE Bug 1222810 for CVE-2024-26814",
"url": "https://bugzilla.suse.com/1222810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-26814"
},
{
"cve": "CVE-2024-26976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \u003cTASK\u003e\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n \u003cTASK\u003e\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue. Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26976",
"url": "https://www.suse.com/security/cve/CVE-2024-26976"
},
{
"category": "external",
"summary": "SUSE Bug 1223635 for CVE-2024-26976",
"url": "https://bugzilla.suse.com/1223635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-26976"
},
{
"cve": "CVE-2024-35878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35878",
"url": "https://www.suse.com/security/cve/CVE-2024-35878"
},
{
"category": "external",
"summary": "SUSE Bug 1224671 for CVE-2024-35878",
"url": "https://bugzilla.suse.com/1224671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-35878"
},
{
"cve": "CVE-2024-35901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix Rx DMA datasize and skb_over_panic\n\nmana_get_rxbuf_cfg() aligns the RX buffer\u0027s DMA datasize to be\nmultiple of 64. So a packet slightly bigger than mtu+14, say 1536,\ncan be received and cause skb_over_panic.\n\nSample dmesg:\n[ 5325.237162] skbuff: skb_over_panic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:\u003cNULL\u003e\n[ 5325.243689] ------------[ cut here ]------------\n[ 5325.245748] kernel BUG at net/core/skbuff.c:192!\n[ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 5325.258374] RIP: 0010:skb_panic+0x4f/0x60\n[ 5325.302941] Call Trace:\n[ 5325.304389] \u003cIRQ\u003e\n[ 5325.315794] ? skb_panic+0x4f/0x60\n[ 5325.317457] ? asm_exc_invalid_op+0x1f/0x30\n[ 5325.319490] ? skb_panic+0x4f/0x60\n[ 5325.321161] skb_put+0x4e/0x50\n[ 5325.322670] mana_poll+0x6fa/0xb50 [mana]\n[ 5325.324578] __napi_poll+0x33/0x1e0\n[ 5325.326328] net_rx_action+0x12e/0x280\n\nAs discussed internally, this alignment is not necessary. To fix\nthis bug, remove it from the code. So oversized packets will be\nmarked as CQE_RX_TRUNCATED by NIC, and dropped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35901",
"url": "https://www.suse.com/security/cve/CVE-2024-35901"
},
{
"category": "external",
"summary": "SUSE Bug 1224495 for CVE-2024-35901",
"url": "https://bugzilla.suse.com/1224495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-35901"
},
{
"cve": "CVE-2024-36974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP\n\nIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,\ntaprio_parse_mqprio_opt() must validate it, or userspace\ncan inject arbitrary data to the kernel, the second time\ntaprio_change() is called.\n\nFirst call (with valid attributes) sets dev-\u003enum_tc\nto a non zero value.\n\nSecond call (with arbitrary mqprio attributes)\nreturns early from taprio_parse_mqprio_opt()\nand bad things can happen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36974",
"url": "https://www.suse.com/security/cve/CVE-2024-36974"
},
{
"category": "external",
"summary": "SUSE Bug 1226519 for CVE-2024-36974",
"url": "https://bugzilla.suse.com/1226519"
},
{
"category": "external",
"summary": "SUSE Bug 1227371 for CVE-2024-36974",
"url": "https://bugzilla.suse.com/1227371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-36974"
},
{
"cve": "CVE-2024-38555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n\u003cIRQ\u003e\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_common_interrupt+0x22/0x40",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38555",
"url": "https://www.suse.com/security/cve/CVE-2024-38555"
},
{
"category": "external",
"summary": "SUSE Bug 1226607 for CVE-2024-38555",
"url": "https://bugzilla.suse.com/1226607"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-38555"
},
{
"cve": "CVE-2024-39463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry\u0027s d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39463",
"url": "https://www.suse.com/security/cve/CVE-2024-39463"
},
{
"category": "external",
"summary": "SUSE Bug 1227090 for CVE-2024-39463",
"url": "https://bugzilla.suse.com/1227090"
},
{
"category": "external",
"summary": "SUSE Bug 1227091 for CVE-2024-39463",
"url": "https://bugzilla.suse.com/1227091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-39463"
},
{
"cve": "CVE-2024-39494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry\u0027s dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent\u0027s inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39494",
"url": "https://www.suse.com/security/cve/CVE-2024-39494"
},
{
"category": "external",
"summary": "SUSE Bug 1227716 for CVE-2024-39494",
"url": "https://bugzilla.suse.com/1227716"
},
{
"category": "external",
"summary": "SUSE Bug 1227901 for CVE-2024-39494",
"url": "https://bugzilla.suse.com/1227901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-39494"
},
{
"cve": "CVE-2024-40902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40902",
"url": "https://www.suse.com/security/cve/CVE-2024-40902"
},
{
"category": "external",
"summary": "SUSE Bug 1227764 for CVE-2024-40902",
"url": "https://bugzilla.suse.com/1227764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-40902"
},
{
"cve": "CVE-2024-40937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi-\u003eskb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi-\u003eskb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi-\u003eskb before the skb is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40937",
"url": "https://www.suse.com/security/cve/CVE-2024-40937"
},
{
"category": "external",
"summary": "SUSE Bug 1227836 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227836"
},
{
"category": "external",
"summary": "SUSE Bug 1227903 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-40937"
},
{
"cve": "CVE-2024-40954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40954",
"url": "https://www.suse.com/security/cve/CVE-2024-40954"
},
{
"category": "external",
"summary": "SUSE Bug 1227808 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "external",
"summary": "SUSE Bug 1228786 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1228786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-40954"
},
{
"cve": "CVE-2024-40956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40956",
"url": "https://www.suse.com/security/cve/CVE-2024-40956"
},
{
"category": "external",
"summary": "SUSE Bug 1227810 for CVE-2024-40956",
"url": "https://bugzilla.suse.com/1227810"
},
{
"category": "external",
"summary": "SUSE Bug 1228585 for CVE-2024-40956",
"url": "https://bugzilla.suse.com/1228585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-40956"
},
{
"cve": "CVE-2024-40989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don\u0027t have\nany dangling pointer to that region stored in a vcpu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40989",
"url": "https://www.suse.com/security/cve/CVE-2024-40989"
},
{
"category": "external",
"summary": "SUSE Bug 1227823 for CVE-2024-40989",
"url": "https://bugzilla.suse.com/1227823"
},
{
"category": "external",
"summary": "SUSE Bug 1228589 for CVE-2024-40989",
"url": "https://bugzilla.suse.com/1228589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-40989"
},
{
"cve": "CVE-2024-40994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40994",
"url": "https://www.suse.com/security/cve/CVE-2024-40994"
},
{
"category": "external",
"summary": "SUSE Bug 1227829 for CVE-2024-40994",
"url": "https://bugzilla.suse.com/1227829"
},
{
"category": "external",
"summary": "SUSE Bug 1228587 for CVE-2024-40994",
"url": "https://bugzilla.suse.com/1228587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-40994"
},
{
"cve": "CVE-2024-41011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don\u0027t allow mapping the MMIO HDP page with large pages\n\nWe don\u0027t get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with \u003e4K pages, we end up\nexposing PAGE_SIZE of MMIO space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41011",
"url": "https://www.suse.com/security/cve/CVE-2024-41011"
},
{
"category": "external",
"summary": "SUSE Bug 1228114 for CVE-2024-41011",
"url": "https://bugzilla.suse.com/1228114"
},
{
"category": "external",
"summary": "SUSE Bug 1228115 for CVE-2024-41011",
"url": "https://bugzilla.suse.com/1228115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-41011"
},
{
"cve": "CVE-2024-41012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can\u0027t corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41012",
"url": "https://www.suse.com/security/cve/CVE-2024-41012"
},
{
"category": "external",
"summary": "SUSE Bug 1228247 for CVE-2024-41012",
"url": "https://bugzilla.suse.com/1228247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-41012"
},
{
"cve": "CVE-2024-41059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41059",
"url": "https://www.suse.com/security/cve/CVE-2024-41059"
},
{
"category": "external",
"summary": "SUSE Bug 1228561 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "external",
"summary": "SUSE Bug 1228573 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-41059"
},
{
"cve": "CVE-2024-41069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41069",
"url": "https://www.suse.com/security/cve/CVE-2024-41069"
},
{
"category": "external",
"summary": "SUSE Bug 1228644 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "external",
"summary": "SUSE Bug 1228645 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-41069"
},
{
"cve": "CVE-2024-41090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tap_get_user_xdp() path, which could cause a corrupted skb to be\nsent downstack. Even before the skb is transmitted, the\ntap_get_user_xdp()--\u003eskb_set_network_header() may assume the size is more\nthan ETH_HLEN. Once transmitted, this could either cause out-of-bound\naccess beyond the actual length, or confuse the underlayer with incorrect\nor inconsistent header length in the skb metadata.\n\nIn the alternative path, tap_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tap_get_user() does.\n\nCVE: CVE-2024-41090",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41090",
"url": "https://www.suse.com/security/cve/CVE-2024-41090"
},
{
"category": "external",
"summary": "SUSE Bug 1228328 for CVE-2024-41090",
"url": "https://bugzilla.suse.com/1228328"
},
{
"category": "external",
"summary": "SUSE Bug 1228714 for CVE-2024-41090",
"url": "https://bugzilla.suse.com/1228714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-41090"
},
{
"cve": "CVE-2024-42093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42093",
"url": "https://www.suse.com/security/cve/CVE-2024-42093"
},
{
"category": "external",
"summary": "SUSE Bug 1228680 for CVE-2024-42093",
"url": "https://bugzilla.suse.com/1228680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-42230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn\u0027t easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42230",
"url": "https://www.suse.com/security/cve/CVE-2024-42230"
},
{
"category": "external",
"summary": "SUSE Bug 1228489 for CVE-2024-42230",
"url": "https://bugzilla.suse.com/1228489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.88.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.88.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.88.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:25:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-42230"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…