Protect yourself against future threats.
=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2024.1863 Security update for the Linux Kernel 28 March 2024 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2023-52478 CVE-2023-52482 CVE-2023-52449 CVE-2023-52531 CVE-2023-52530 CVE-2024-1151 CVE-2024-23851 CVE-2024-26585 CVE-2024-26600 CVE-2024-26595 CVE-2024-26622 CVE-2020-36777 CVE-2020-36784 CVE-2021-46906 CVE-2021-46915 CVE-2021-46921 CVE-2021-46929 CVE-2021-46953 CVE-2021-46974 CVE-2021-46991 CVE-2021-46992 CVE-2021-47013 CVE-2021-47054 CVE-2021-47076 CVE-2021-47077 CVE-2021-47078 CVE-2023-28746 CVE-2023-52502 CVE-2023-52532 CVE-2023-52574 CVE-2024-0607 CVE-2022-48627 CVE-2023-46343 CVE-2023-52429 CVE-2024-23849 CVE-2023-35827 CVE-2023-52443 CVE-2023-52464 CVE-2023-52597 CVE-2019-25162 CVE-2021-46924 CVE-2021-46932 CVE-2023-52445 CVE-2023-52340 CVE-2023-52451 CVE-2023-52605 CVE-2023-52475 Original Bulletin: https://www.suse.com/support/update/announcement/2024/suse-su-20240976-1 Comment: CVSS (Max): 7.8 CVE-2024-26622 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: [SUSE], NIST Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:0976-1 Rating: important o bsc#1050549 o bsc#1186484 o bsc#1200599 o bsc#1212514 o bsc#1213456 o bsc#1218450 o bsc#1218527 o bsc#1218915 o bsc#1219127 o bsc#1219146 o bsc#1219295 o bsc#1219653 o bsc#1219827 o bsc#1219835 o bsc#1220187 o bsc#1220238 o bsc#1220240 o bsc#1220241 o bsc#1220250 o bsc#1220330 o bsc#1220340 o bsc#1220344 o bsc#1220409 o bsc#1220421 o bsc#1220436 o bsc#1220444 o bsc#1220459 o bsc#1220468 References: o bsc#1220482 o bsc#1220526 o bsc#1220570 o bsc#1220575 o bsc#1220599 o bsc#1220607 o bsc#1220613 o bsc#1220638 o bsc#1220641 o bsc#1220649 o bsc#1220700 o bsc#1220735 o bsc#1220767 o bsc#1220796 o bsc#1220825 o bsc#1220831 o bsc#1220845 o bsc#1220860 o bsc#1220861 o bsc#1220863 o bsc#1220870 o bsc#1220930 o bsc#1220931 o bsc#1220932 o bsc#1220957 o bsc#1221039 o bsc#1221040 o bsc#1221287 o CVE-2019-25162 o CVE-2020-36777 o CVE-2020-36784 o CVE-2021-46906 o CVE-2021-46915 o CVE-2021-46921 o CVE-2021-46924 o CVE-2021-46929 o CVE-2021-46932 o CVE-2021-46953 o CVE-2021-46974 o CVE-2021-46991 o CVE-2021-46992 o CVE-2021-47013 o CVE-2021-47054 o CVE-2021-47076 o CVE-2021-47077 o CVE-2021-47078 o CVE-2022-48627 o CVE-2023-28746 o CVE-2023-35827 o CVE-2023-46343 o CVE-2023-52340 Cross-References: o CVE-2023-52429 o CVE-2023-52443 o CVE-2023-52445 o CVE-2023-52449 o CVE-2023-52451 o CVE-2023-52464 o CVE-2023-52475 o CVE-2023-52478 o CVE-2023-52482 o CVE-2023-52502 o CVE-2023-52530 o CVE-2023-52531 o CVE-2023-52532 o CVE-2023-52574 o CVE-2023-52597 o CVE-2023-52605 o CVE-2024-0607 o CVE-2024-1151 o CVE-2024-23849 o CVE-2024-23851 o CVE-2024-26585 o CVE-2024-26595 o CVE-2024-26600 o CVE-2024-26622 o CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:H/I:H/A:H o CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:N/A:N o CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:N/A:N o CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-46921 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:H/I:N/A:N o CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N /S:U/C:L/I:N/A:N o CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:L/I:L/A:L o CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:N/I:N/A:L o CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:L/A:N o CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:L/A:L o CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-47054 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:N/I:N/A:L o CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:L/I:L/A:L o CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:L/A:L o CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:C/C:H/I:N/A:N o CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N CVSS scores: /S:U/C:H/I:H/A:H o CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52449 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:L/I:N/A:H o CVE-2023-52451 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:L/I:L/A:H o CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:C/C:H/I:N/A:N o CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:N/I:L/A:H o CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:H/A:L o CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:L/I:L/A:H o CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:N/A:N o CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:H Affected o SUSE Linux Enterprise High Performance Computing 12 SP5 Products: o SUSE Linux Enterprise Real Time 12 SP5 o SUSE Linux Enterprise Server 12 SP5 An update that solves 47 vulnerabilities and has nine security fixes can now be installed. Description: The SUSE Linux Enterprise SLE12SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: o CVE-2019-25162: Fixed a potential use after free (bsc#1220409). o CVE-2020-36777: Fixed a memory leak in dvb_media_device_free() (bsc# 1220526). o CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc# 1220570). o CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421). o CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). o CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468). o CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc# 1220459) o CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) o CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdow probe failure (bsc#1220599). o CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc# 1220575). o CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc# 1220638). o CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc# 1220641). o CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767). o CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) o CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc# 1220861). o CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) o CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). o CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc #1212514). o CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). o CVE-2023-52340: Fixed ICMPv6 "Packet Too Big" packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). o CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/ dm-table.c (bsc#1219827). o CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc# 1220240). o CVE-2023-52445: Fixed use after free on context disconnection (bsc# 1220241). o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) o CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc# 1220649) o CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) o CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). o CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). o CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc# 1220930). o CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). o CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). o CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). o CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). o CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc# 1218915). o CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc# 1219835). o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc# 1219127). o CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc# 1219146). o CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc #1220187). o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). o CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc# 1220825). The following non-security bugs were fixed: o [media] coda: simplify optional reset handling (git-fixes). o [media] media drivers: annotate fall-through (git-fixes). o [media] media: platform: coda: remove variable self assignment (git-fixes). o asn.1: fix check for strdup() success (git-fixes). o audit: fix possible soft lockup in __audit_inode_child() (git-fixes). o bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). o bnx2x: fix pf-vf communication over multi-cos queues (git-fixes). o doc/readme.ksyms: add to repo.++ kernel-source-rt.spec (revision 4)%define git_commit 1431ee6e1c7fc02206d6bd539f8bd8ec4ce61801release: <release>.g1431ee6this package provides the rpm macros and templates for kernel module packages++ kernel-source.spec.in (revision 4)this package provides the rpm macros and templates for kernel module packages o e1000: fix memory leaks (git-fixes). o gve: fix skb truesize underestimation (git-fixes). o igb: clean up in all error paths when enabling sr-iov (git-fixes). o igb: fix constant media auto sense switching when no cable is connected (git-fixes). o ipv6: fix handling of lla with vrf and sockets bound to vrf (git-fixes). o ipv6: fix typos in __ip6_finish_output() (git-fixes). o ixgbe: protect tx timestamping from api misuse (git-fixes). o kcm: call strp_stop before strp_done in kcm_attach (git-fixes). o kcm: fix strp_init() order and cleanup (git-fixes). o kernel-source: fix description typo o kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220613). o kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). o kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). o kvm: x86: add support for cpuid leaf 0x80000021 (git-fixes). o kvm: x86: move open-coded cpuid leaf 0x80000021 eax bit propagation code (git-fixes). o kvm: x86: synthesize cpuid leaf 0x80000021h if useful (git-fixes). o kvm: x86: work around qemu issue with synthetic cpuid leaves (git-fixes). o locking/barriers: introduce smp_cond_load_relaxed() and atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549). o media: coda: constify platform_device_id (git-fixes). o media: coda: explicitly request exclusive reset control (git-fixes). o media: coda: reduce iram size to leave space for suspend to ram (git-fixes). o media: coda: reuse coda_s_fmt_vid_cap to propagate format in coda_s_fmt_vid_out (git-fixes). o media: coda: set min_buffers_needed (git-fixes). o media: coda: wake up capture queue on encoder stop after output streamoff (git-fixes). o media: dvb-usb: add memory free on error path in dw2102_probe() (git-fixes). o media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). o media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). o media: dw2102: fix memleak on sequence of probes (git-fixes). o media: dw2102: fix use after free (git-fixes). o media: dw2102: make dvb_usb_device_description structures const (git-fixes). o media: m920x: do not use stack on usb reads (git-fixes). o media: rc: do not remove first bit if leader pulse is present (git-fixes). o media: rc: ir-rc6-decoder: enable toggle bit for kathrein rcu-676 remote (git-fixes). o media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). o media: uvcvideo: set capability in s_param (git-fixes). o mkspec: use variant in constraints template constraints are not applied consistently with kernel package variants. add variant to the constraints template as appropriate, and expand it in mkspec. o net/mlx5e: ethtool, avoid setting speed to 56gbase when autoneg off (git-fixes). o net/sched: tcindex: search key must be 16 bits (git-fixes). o net: bonding: debug: avoid printing debug logs when bond is not notifying peers (git-fixes). o net: fec: add missed clk_disable_unprepare in remove (git-fixes). o net: fec: better handle pm_runtime_get() failing in .remove() (git-fixes). o net: fec: fix clock count mis-match (git-fixes). o net: fec: fix use-after-free in fec_drv_remove (git-fixes). o net: hisilicon: fix dma_map_single failed on arm64 (git-fixes). o net: hisilicon: fix hip04-xmit never return tx_busy (git-fixes). o net: hisilicon: fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() (git-fixes). o net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes). o net: hns3: add compatible handling for mac vlan switch parameter configuration (git-fixes). o net: hns3: not allow ssu loopback while execute ethtool -t dev (git-fixes). o net: lpc-enet: fix printk format strings (git-fixes). o net: nfc: llcp: add lock when modifying device list (git-fixes). o net: phy: dp83867: enable robust auto-mdix (git-fixes). o net: phy: initialise phydev speed and duplex sanely (git-fixes). o net: sfp: add mutex to prevent concurrent state checks (git-fixes). o net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in irq context (git-fixes). o net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). o nfsd: do not refuse to serve out of cache (bsc#1220957). o pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes). o revert "md/raid5: wait for md_sb_change_pending in raid5d" (git-fixes). o revert "wcn36xx: disable bmps when encryption is disabled" (git-fixes). o rpm/constraints.in: set jobs for riscv to 8 the same workers are used for x86 and riscv and the riscv builds take ages. so align the riscv jobs count to x86. o rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc# 1219653) they are put into -devel subpackage. and a proper link to /usr/ share/gdb/auto-load/ is created. o rpm/mkspec: sort entries in _multibuild otherwise it creates unnecessary diffs when tar-up-ing. it's of course due to readdir() using "random" order as served by the underlying filesystem. see for example: https:// build.opensuse.org/request/show/1144457/changes o rpm: use run_if_exists for all external scriptlets with that the scriptlets do not need to be installed for build. o s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220607). o stmmac: fix potential division by 0 (git-fixes). o tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). o usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). o usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc# 1218527). o usb: musb: dsps: fix the probe error path (git-fixes). o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). o usb: musb: tusb6010: check return value after calling platform_get_resource () (git-fixes). o usb: typec: tcpci: clear the fault status bit (git-fixes). o wcn36xx: fix (qos) null data frame bitrate/modulation (git-fixes). o wcn36xx: fix discarded frames due to wrong sequence number (git-fixes). o wcn36xx: fix rx bd rate mapping for 5ghz legacy rates (git-fixes). o x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). o x86/bugs: add asm helpers for executing verw (bsc#1213456). o x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severity as it's used purely for mitigation so it's low risk. o x86/cpu, kvm: move x86_feature_lfence_rdtsc to its native leaf (git-fixes). o x86/entry_32: add verw just before userspace transition (git-fixes). o x86/entry_64: Add VERW just before userspace transition (git-fixes). Special Instructions and Notes: o Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2024-976=1 Package List: o SUSE Linux Enterprise Real Time 12 SP5 (x86_64) gfs2-kmp-rt-debuginfo-4.12.14-10.171.1 kernel-rt-debuginfo-4.12.14-10.171.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.171.1 ocfs2-kmp-rt-4.12.14-10.171.1 gfs2-kmp-rt-4.12.14-10.171.1 dlm-kmp-rt-4.12.14-10.171.1 kernel-syms-rt-4.12.14-10.171.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.171.1 dlm-kmp-rt-debuginfo-4.12.14-10.171.1 kernel-rt-debugsource-4.12.14-10.171.1 cluster-md-kmp-rt-4.12.14-10.171.1 kernel-rt-base-4.12.14-10.171.1 kernel-rt_debug-debuginfo-4.12.14-10.171.1 kernel-rt-devel-debuginfo-4.12.14-10.171.1 kernel-rt-base-debuginfo-4.12.14-10.171.1 kernel-rt_debug-debugsource-4.12.14-10.171.1 kernel-rt_debug-devel-4.12.14-10.171.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.171.1 kernel-rt-devel-4.12.14-10.171.1 o SUSE Linux Enterprise Real Time 12 SP5 (noarch) kernel-devel-rt-4.12.14-10.171.1 kernel-source-rt-4.12.14-10.171.1 o SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) kernel-rt_debug-4.12.14-10.171.1 kernel-rt-4.12.14-10.171.1 References: o https://www.suse.com/security/cve/CVE-2019-25162.html o https://www.suse.com/security/cve/CVE-2020-36777.html o https://www.suse.com/security/cve/CVE-2020-36784.html o https://www.suse.com/security/cve/CVE-2021-46906.html o https://www.suse.com/security/cve/CVE-2021-46915.html o https://www.suse.com/security/cve/CVE-2021-46921.html o https://www.suse.com/security/cve/CVE-2021-46924.html o https://www.suse.com/security/cve/CVE-2021-46929.html o https://www.suse.com/security/cve/CVE-2021-46932.html o https://www.suse.com/security/cve/CVE-2021-46953.html o https://www.suse.com/security/cve/CVE-2021-46974.html o https://www.suse.com/security/cve/CVE-2021-46991.html o https://www.suse.com/security/cve/CVE-2021-46992.html o https://www.suse.com/security/cve/CVE-2021-47013.html o https://www.suse.com/security/cve/CVE-2021-47054.html o https://www.suse.com/security/cve/CVE-2021-47076.html o https://www.suse.com/security/cve/CVE-2021-47077.html o https://www.suse.com/security/cve/CVE-2021-47078.html o https://www.suse.com/security/cve/CVE-2022-48627.html o https://www.suse.com/security/cve/CVE-2023-28746.html o https://www.suse.com/security/cve/CVE-2023-35827.html o https://www.suse.com/security/cve/CVE-2023-46343.html o https://www.suse.com/security/cve/CVE-2023-52340.html o https://www.suse.com/security/cve/CVE-2023-52429.html o https://www.suse.com/security/cve/CVE-2023-52443.html o https://www.suse.com/security/cve/CVE-2023-52445.html o https://www.suse.com/security/cve/CVE-2023-52449.html o https://www.suse.com/security/cve/CVE-2023-52451.html o https://www.suse.com/security/cve/CVE-2023-52464.html o https://www.suse.com/security/cve/CVE-2023-52475.html o https://www.suse.com/security/cve/CVE-2023-52478.html o https://www.suse.com/security/cve/CVE-2023-52482.html o https://www.suse.com/security/cve/CVE-2023-52502.html o https://www.suse.com/security/cve/CVE-2023-52530.html o https://www.suse.com/security/cve/CVE-2023-52531.html o https://www.suse.com/security/cve/CVE-2023-52532.html o https://www.suse.com/security/cve/CVE-2023-52574.html o https://www.suse.com/security/cve/CVE-2023-52597.html o https://www.suse.com/security/cve/CVE-2023-52605.html o https://www.suse.com/security/cve/CVE-2024-0607.html o https://www.suse.com/security/cve/CVE-2024-1151.html o https://www.suse.com/security/cve/CVE-2024-23849.html o https://www.suse.com/security/cve/CVE-2024-23851.html o https://www.suse.com/security/cve/CVE-2024-26585.html o https://www.suse.com/security/cve/CVE-2024-26595.html o https://www.suse.com/security/cve/CVE-2024-26600.html o https://www.suse.com/security/cve/CVE-2024-26622.html o https://bugzilla.suse.com/show_bug.cgi?id=1050549 o https://bugzilla.suse.com/show_bug.cgi?id=1186484 o https://bugzilla.suse.com/show_bug.cgi?id=1200599 o https://bugzilla.suse.com/show_bug.cgi?id=1212514 o https://bugzilla.suse.com/show_bug.cgi?id=1213456 o https://bugzilla.suse.com/show_bug.cgi?id=1218450 o https://bugzilla.suse.com/show_bug.cgi?id=1218527 o https://bugzilla.suse.com/show_bug.cgi?id=1218915 o https://bugzilla.suse.com/show_bug.cgi?id=1219127 o https://bugzilla.suse.com/show_bug.cgi?id=1219146 o https://bugzilla.suse.com/show_bug.cgi?id=1219295 o https://bugzilla.suse.com/show_bug.cgi?id=1219653 o https://bugzilla.suse.com/show_bug.cgi?id=1219827 o https://bugzilla.suse.com/show_bug.cgi?id=1219835 o https://bugzilla.suse.com/show_bug.cgi?id=1220187 o https://bugzilla.suse.com/show_bug.cgi?id=1220238 o https://bugzilla.suse.com/show_bug.cgi?id=1220240 o https://bugzilla.suse.com/show_bug.cgi?id=1220241 o https://bugzilla.suse.com/show_bug.cgi?id=1220250 o https://bugzilla.suse.com/show_bug.cgi?id=1220330 o https://bugzilla.suse.com/show_bug.cgi?id=1220340 o https://bugzilla.suse.com/show_bug.cgi?id=1220344 o https://bugzilla.suse.com/show_bug.cgi?id=1220409 o https://bugzilla.suse.com/show_bug.cgi?id=1220421 o https://bugzilla.suse.com/show_bug.cgi?id=1220436 o https://bugzilla.suse.com/show_bug.cgi?id=1220444 o https://bugzilla.suse.com/show_bug.cgi?id=1220459 o https://bugzilla.suse.com/show_bug.cgi?id=1220468 o https://bugzilla.suse.com/show_bug.cgi?id=1220482 o https://bugzilla.suse.com/show_bug.cgi?id=1220526 o https://bugzilla.suse.com/show_bug.cgi?id=1220570 o https://bugzilla.suse.com/show_bug.cgi?id=1220575 o https://bugzilla.suse.com/show_bug.cgi?id=1220599 o https://bugzilla.suse.com/show_bug.cgi?id=1220607 o https://bugzilla.suse.com/show_bug.cgi?id=1220613 o https://bugzilla.suse.com/show_bug.cgi?id=1220638 o https://bugzilla.suse.com/show_bug.cgi?id=1220641 o https://bugzilla.suse.com/show_bug.cgi?id=1220649 o https://bugzilla.suse.com/show_bug.cgi?id=1220700 o https://bugzilla.suse.com/show_bug.cgi?id=1220735 o https://bugzilla.suse.com/show_bug.cgi?id=1220767 o https://bugzilla.suse.com/show_bug.cgi?id=1220796 o https://bugzilla.suse.com/show_bug.cgi?id=1220825 o https://bugzilla.suse.com/show_bug.cgi?id=1220831 o https://bugzilla.suse.com/show_bug.cgi?id=1220845 o https://bugzilla.suse.com/show_bug.cgi?id=1220860 o https://bugzilla.suse.com/show_bug.cgi?id=1220861 o https://bugzilla.suse.com/show_bug.cgi?id=1220863 o https://bugzilla.suse.com/show_bug.cgi?id=1220870 o https://bugzilla.suse.com/show_bug.cgi?id=1220930 o https://bugzilla.suse.com/show_bug.cgi?id=1220931 o https://bugzilla.suse.com/show_bug.cgi?id=1220932 o https://bugzilla.suse.com/show_bug.cgi?id=1220957 o https://bugzilla.suse.com/show_bug.cgi?id=1221039 o https://bugzilla.suse.com/show_bug.cgi?id=1221040 o https://bugzilla.suse.com/show_bug.cgi?id=1221287 - --------------------------END INCLUDED TEXT---------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================