suse-su-2024:4208-1
Vulnerability from csaf_suse
Published
2024-12-05 15:33
Modified
2024-12-05 15:33
Summary
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
Description of the patch
This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.
The following security issues were fixed:
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).
- CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG (bsc#1228511).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
Patchnames
SUSE-2024-4208,SUSE-SLE-Module-Live-Patching-15-SP6-2024-4208
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_7 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733).\n- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).\n- CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG (bsc#1228511).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).\n- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819).\n- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1231353).\n- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).\n- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4208,SUSE-SLE-Module-Live-Patching-15-SP6-2024-4208",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4208-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4208-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244208-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4208-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019924.html"
},
{
"category": "self",
"summary": "SUSE Bug 1225733",
"url": "https://bugzilla.suse.com/1225733"
},
{
"category": "self",
"summary": "SUSE Bug 1225739",
"url": "https://bugzilla.suse.com/1225739"
},
{
"category": "self",
"summary": "SUSE Bug 1225819",
"url": "https://bugzilla.suse.com/1225819"
},
{
"category": "self",
"summary": "SUSE Bug 1228786",
"url": "https://bugzilla.suse.com/1228786"
},
{
"category": "self",
"summary": "SUSE Bug 1229273",
"url": "https://bugzilla.suse.com/1229273"
},
{
"category": "self",
"summary": "SUSE Bug 1229553",
"url": "https://bugzilla.suse.com/1229553"
},
{
"category": "self",
"summary": "SUSE Bug 1231419",
"url": "https://bugzilla.suse.com/1231419"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52752 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36904 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42133 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43861/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2024-12-05T15:33:55Z",
"generator": {
"date": "2024-12-05T15:33:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4208-1",
"initial_release_date": "2024-12-05T15:33:55Z",
"revision_history": [
{
"date": "2024-12-05T15:33:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free bug in cifs_debug_data_proc_show()\n\nSkip SMB sessions that are being teared down\n(e.g. @ses-\u003eses_status == SES_EXITING) in cifs_debug_data_proc_show()\nto avoid use-after-free in @ses.\n\nThis fixes the following GPF when reading from /proc/fs/cifs/DebugData\nwhile mounting and umounting\n\n [ 816.251274] general protection fault, probably for non-canonical\n address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI\n ...\n [ 816.260138] Call Trace:\n [ 816.260329] \u003cTASK\u003e\n [ 816.260499] ? die_addr+0x36/0x90\n [ 816.260762] ? exc_general_protection+0x1b3/0x410\n [ 816.261126] ? asm_exc_general_protection+0x26/0x30\n [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs]\n [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs]\n [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs]\n [ 816.262689] ? seq_read_iter+0x379/0x470\n [ 816.262995] seq_read_iter+0x118/0x470\n [ 816.263291] proc_reg_read_iter+0x53/0x90\n [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f\n [ 816.263945] vfs_read+0x201/0x350\n [ 816.264211] ksys_read+0x75/0x100\n [ 816.264472] do_syscall_64+0x3f/0x90\n [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n [ 816.265135] RIP: 0033:0x7fd5e669d381",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52752",
"url": "https://www.suse.com/security/cve/CVE-2023-52752"
},
{
"category": "external",
"summary": "SUSE Bug 1225487 for CVE-2023-52752",
"url": "https://bugzilla.suse.com/1225487"
},
{
"category": "external",
"summary": "SUSE Bug 1225819 for CVE-2023-52752",
"url": "https://bugzilla.suse.com/1225819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2023-52752"
},
{
"cve": "CVE-2024-35949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking. This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n [2.621] Call Trace:\n [2.621] \u003cTASK\u003e\n [2.621] ? show_regs+0x74/0x80\n [2.621] ? die_addr+0x46/0xc0\n [2.621] ? exc_general_protection+0x161/0x2a0\n [2.621] ? asm_exc_general_protection+0x26/0x30\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? btrfs_get_16+0x34b/0x6d0\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? __pfx_btrfs_get_16+0x10/0x10\n [2.621] ? __pfx_mutex_unlock+0x10/0x10\n [2.621] btrfs_match_dir_item_name+0x101/0x1a0\n [2.621] btrfs_lookup_dir_item+0x1f3/0x280\n [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n [2.621] btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35949",
"url": "https://www.suse.com/security/cve/CVE-2024-35949"
},
{
"category": "external",
"summary": "SUSE Bug 1224700 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "external",
"summary": "SUSE Bug 1229273 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1229273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2024-35949"
},
{
"cve": "CVE-2024-36899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n --\u003e bitmap_free(cdev-\u003ewatched_lines) \u003c-- freed\n --\u003e blocking_notifier_chain_unregister()\n --\u003e down_write(\u0026nh-\u003erwsem) \u003c-- waiting rwsem\n --\u003e __down_write_common()\n --\u003e rwsem_down_write_slowpath()\n --\u003e schedule_preempt_disabled()\n --\u003e schedule()\n\n[use]\nst54spi_gpio_dev_release()\n --\u003e gpio_free()\n --\u003e gpiod_free()\n --\u003e gpiod_free_commit()\n --\u003e gpiod_line_state_notify()\n --\u003e blocking_notifier_call_chain()\n --\u003e down_read(\u0026nh-\u003erwsem); \u003c-- held rwsem\n --\u003e notifier_call_chain()\n --\u003e lineinfo_changed_notify()\n --\u003e test_bit(xxxx, cdev-\u003ewatched_lines) \u003c-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn\u0027t. However, since the chrdev\nis being closed, userspace won\u0027t have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36899",
"url": "https://www.suse.com/security/cve/CVE-2024-36899"
},
{
"category": "external",
"summary": "SUSE Bug 1225737 for CVE-2024-36899",
"url": "https://bugzilla.suse.com/1225737"
},
{
"category": "external",
"summary": "SUSE Bug 1225739 for CVE-2024-36899",
"url": "https://bugzilla.suse.com/1225739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2024-36899"
},
{
"cve": "CVE-2024-36904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket\u0027s\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff \u003c0f\u003e 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36904",
"url": "https://www.suse.com/security/cve/CVE-2024-36904"
},
{
"category": "external",
"summary": "SUSE Bug 1225732 for CVE-2024-36904",
"url": "https://bugzilla.suse.com/1225732"
},
{
"category": "external",
"summary": "SUSE Bug 1225733 for CVE-2024-36904",
"url": "https://bugzilla.suse.com/1225733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2024-36904"
},
{
"cve": "CVE-2024-40954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40954",
"url": "https://www.suse.com/security/cve/CVE-2024-40954"
},
{
"category": "external",
"summary": "SUSE Bug 1227808 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "external",
"summary": "SUSE Bug 1228786 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1228786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2024-40954"
},
{
"cve": "CVE-2024-42133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Ignore too large handle values in BIG\n\nhci_le_big_sync_established_evt is necessary to filter out cases where the\nhandle value is belonging to ida id range, otherwise ida will be erroneously\nreleased in hci_conn_cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42133",
"url": "https://www.suse.com/security/cve/CVE-2024-42133"
},
{
"category": "external",
"summary": "SUSE Bug 1228511 for CVE-2024-42133",
"url": "https://bugzilla.suse.com/1228511"
},
{
"category": "external",
"summary": "SUSE Bug 1231419 for CVE-2024-42133",
"url": "https://bugzilla.suse.com/1231419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2024-42133"
},
{
"cve": "CVE-2024-43861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43861",
"url": "https://www.suse.com/security/cve/CVE-2024-43861"
},
{
"category": "external",
"summary": "SUSE Bug 1229500 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "external",
"summary": "SUSE Bug 1229553 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_7-default-5-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T15:33:55Z",
"details": "important"
}
],
"title": "CVE-2024-43861"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…