===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.1864                               
                   Security update for the Linux Kernel                    
                               28 March 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel                                            
Publisher:         SUSE                                                    
Operating System:  SUSE                                                    
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2023-52478 CVE-2023-52482 CVE-2022-20154            
                   CVE-2023-52449 CVE-2023-52530 CVE-2023-52531            
                   CVE-2024-1151 CVE-2024-23851 CVE-2024-26585             
                   CVE-2024-26600 CVE-2024-26595 CVE-2024-26622            
                   CVE-2020-36777 CVE-2020-36784 CVE-2021-46906            
                   CVE-2021-46915 CVE-2021-46921 CVE-2021-46929            
                   CVE-2021-46953 CVE-2021-46974 CVE-2021-46991            
                   CVE-2021-46992 CVE-2021-47013 CVE-2021-47054            
                   CVE-2021-47076 CVE-2021-47077 CVE-2021-47078            
                   CVE-2023-28746 CVE-2023-52502 CVE-2023-52532            
                   CVE-2023-52574 CVE-2024-0607 CVE-2022-48627             
                   CVE-2023-46343 CVE-2023-6536 CVE-2023-6535              
                   CVE-2023-6356 CVE-2023-52429 CVE-2024-23849             
                   CVE-2023-35827 CVE-2023-52443 CVE-2021-33200            
                   CVE-2023-52464 CVE-2023-52597 CVE-2019-25162            
                   CVE-2021-46924 CVE-2021-46932 CVE-2023-52445            
                   CVE-2023-52340 CVE-2023-52451 CVE-2023-52605            
                   CVE-2023-52475                                          

Original Bulletin:
   https://www.suse.com/support/update/announcement/2024/suse-su-20240975-1

Comment: CVSS (Max):  8.4 CVE-2021-33200 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: [SUSE], NIST                                         
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


--------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2024:0975-1
Rating:             important
References:         o bsc#1050549
                    o bsc#1186484
                    o bsc#1200599
                    o bsc#1212514
                    o bsc#1213456
                    o bsc#1217987
                    o bsc#1217988
                    o bsc#1217989
                    o bsc#1218450
                    o bsc#1218527
                    o bsc#1218915
                    o bsc#1219127
                    o bsc#1219146
                    o bsc#1219295
                    o bsc#1219653
                    o bsc#1219827
                    o bsc#1219835
                    o bsc#1220187
                    o bsc#1220238
                    o bsc#1220240
                    o bsc#1220241
                    o bsc#1220250
                    o bsc#1220330
                    o bsc#1220340
                    o bsc#1220344
                    o bsc#1220409
                    o bsc#1220421
                    o bsc#1220436
                    o bsc#1220444
                    o bsc#1220459
                    o bsc#1220468
                    o bsc#1220482
                    o bsc#1220526
                    o bsc#1220570
                    o bsc#1220575
                    o bsc#1220599
                    o bsc#1220607
                    o bsc#1220613
                    o bsc#1220638
                    o bsc#1220641
                    o bsc#1220649
                    o bsc#1220700
                    o bsc#1220735
                    o bsc#1220767
                    o bsc#1220796
                    o bsc#1220825
                    o bsc#1220831
                    o bsc#1220845
                    o bsc#1220860
                    o bsc#1220861
                    o bsc#1220863
                    o bsc#1220870
                    o bsc#1220930
                    o bsc#1220931
                    o bsc#1220932
                    o bsc#1220957
                    o bsc#1221039
                    o bsc#1221040
                    o bsc#1221287

Cross-References:   o CVE-2019-25162
                    o CVE-2020-36777
                    o CVE-2020-36784
                    o CVE-2021-33200
                    o CVE-2021-46906
                    o CVE-2021-46915
                    o CVE-2021-46921
                    o CVE-2021-46924
                    o CVE-2021-46929
                    o CVE-2021-46932
                    o CVE-2021-46953
                    o CVE-2021-46974
                    o CVE-2021-46991
                    o CVE-2021-46992
                    o CVE-2021-47013
                    o CVE-2021-47054
                    o CVE-2021-47076
                    o CVE-2021-47077
                    o CVE-2021-47078
                    o CVE-2022-20154
                    o CVE-2022-48627
                    o CVE-2023-28746
                    o CVE-2023-35827
                    o CVE-2023-46343
                    o CVE-2023-52340
                    o CVE-2023-52429
                    o CVE-2023-52443
                    o CVE-2023-52445
                    o CVE-2023-52449
                    o CVE-2023-52451
                    o CVE-2023-52464
                    o CVE-2023-52475
                    o CVE-2023-52478
                    o CVE-2023-52482
                    o CVE-2023-52502
                    o CVE-2023-52530
                    o CVE-2023-52531
                    o CVE-2023-52532
                    o CVE-2023-52574
                    o CVE-2023-52597
                    o CVE-2023-52605
                    o CVE-2023-6356
                    o CVE-2023-6535
                    o CVE-2023-6536
                    o CVE-2024-0607
                    o CVE-2024-1151
                    o CVE-2024-23849
                    o CVE-2024-23851
                    o CVE-2024-26585
                    o CVE-2024-26595
                    o CVE-2024-26600
                    o CVE-2024-26622

CVSS scores:        o CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    o CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    o CVE-2021-33200 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2021-33200 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    o CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2021-46921 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    o CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    o CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
                    o CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
                    o CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    o CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    o CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    o CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2021-47054 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
                    o CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    o CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
                    o CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    o CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52449 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
                    o CVE-2023-52451 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    o CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
                    o CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    o CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
                    o CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
                    o CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    o CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    o CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    o CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    o CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:  o SUSE Linux Enterprise High Performance Computing 12 SP5
                    o SUSE Linux Enterprise Server 12 SP5
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 52 vulnerabilities and has seven security fixes can now
be installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

  o CVE-2024-26600: Fixed NULL pointer dereference for SRP (bsc#1220340).
  o CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed
    (bsc#1220863)
  o CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was
    supplied (bsc#1220860)
  o CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
  o CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
  o CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
  o CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors
    (bsc#1220735).
  o CVE-2022-48627: Fixed a memory overlapping when deleting chars in the
    buffer (bsc#1220845).
  o CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
  o CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data
    (bsc#1220861).
  o CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work()
    (bsc#1212514).
  o CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
  o CVE-2021-33200: Fixed a leakage of uninitialized bpf stack under
    speculation. (bsc#1186484)
  o CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
    (bsc#1220930).
  o CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
  o CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
    nfc_llcp_sock_get_sn() (bsc#1220831).
  o CVE-2024-26585: Fixed race between tx work scheduling and socket close
    (bsc#1220187).
  o CVE-2023-52340: Fixed a DoS in which ICMPv6 "Packet Too Big" packets force
    100% CPU usage in the Linux kernel (bsc#1219295).
  o CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
    (bsc#1218915).
  o CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control()
    (bsc#1220825).
  o CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
  o CVE-2021-46932: Fixed missing work initialization before device
    registration (bsc#1220444)
  o CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
  o CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdog probe
    failure (bsc#1220599).
  o CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl
    notifier (bsc#1220238).
  o CVE-2023-52475: Fixed use-after-free in powermate_config_complete
    (bsc#1220649)
  o CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
  o CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
  o CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails
    (bsc#1220570).
  o CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767).
  o CVE-2021-46924: Fixed memory leak in device probe and remove
    (bsc#1220459)
  o CVE-2021-46915: Fixed a bug to avoid possible divide error in
    nft_limit_init (bsc#1220436).
  o CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421).
  o CVE-2023-52445: Fixed use after free on context disconnection
    (bsc#1220241).
  o CVE-2020-36777: Fixed a memory leak in dvb_media_device_free (bsc#1220526).
  o CVE-2023-52443: Fixed crash when parsed profile name is empty
    (bsc#1220240).
  o CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge()
    (CVE-2023-46343).
  o CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets
    (bsc#1220638).
  o CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send
    (bsc#1220641).
  o CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask
    (bsc#1220575).
  o CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
  o CVE-2024-1151: Fixed unlimited number of recursions from action sets
    (bsc#1219835).
  o CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
  o CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
    (bsc#1219127).

The following non-security bugs were fixed:

  o ASN.1: Fix check for strdup() success (git-fixes).
  o audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
  o Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave()
    (git-fixes).
  o Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave()
    (git-fixes).
  o Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave()
    (git-fixes).
  o Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave()
    (git-fixes).
  o bnx2x: Fix PF-VF communication over multi-cos queues (git-fixes).
  o doc/README.KSYMS: Add to repo.
  o e1000: fix memory leaks (git-fixes).
  o gve: Fix skb truesize underestimation (git-fixes).
  o igb: clean up in all error paths when enabling SR-IOV (git-fixes).
  o igb: Fix constant media auto sense switching when no cable is connected
    (git-fixes).
  o ipv6: Fix handling of LLA with VRF and sockets bound to VRF (git-fixes).
  o ipv6: fix typos in __ip6_finish_output() (git-fixes).
  o ixgbe: protect TX timestamping from API misuse (git-fixes).
  o kcm: Call strp_stop before strp_done in kcm_attach (git-fixes).
  o kcm: fix strp_init() order and cleanup (git-fixes).
  o KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220613).
  o KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
  o KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
    (git-fixes).
  o KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
  o KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
    (git-fixes).
  o KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
  o KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
  o locking/barriers: Introduce smp_cond_load_relaxed() and
    atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549).
  o md: bypass block throttle for superblock update (git-fixes).
  o media: coda: constify platform_device_id (git-fixes).
  o media: coda: explicitly request exclusive reset control (git-fixes).
  o media: coda: reduce iram size to leave space for suspend to ram
    (git-fixes).
  o media: coda: reuse coda_s_fmt_vid_cap to propagate format in
    coda_s_fmt_vid_out (git-fixes).
  o media: coda: set min_buffers_needed (git-fixes).
  o media: coda: wake up capture queue on encoder stop after output streamoff
    (git-fixes).
  o media: dvb-usb: Add memory free on error path in dw2102_probe()
    (git-fixes).
  o media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
    (git-fixes).
  o media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
    (git-fixes).
  o media: dw2102: Fix memleak on sequence of probes (git-fixes).
  o media: dw2102: Fix use after free (git-fixes).
  o media: dw2102: make dvb_usb_device_description structures const
    (git-fixes).
  o media: m920x: do not use stack on USB reads (git-fixes).
  o media: rc: do not remove first bit if leader pulse is present (git-fixes).
  o media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote
    (git-fixes).
  o media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    (git-fixes).
  o media: uvcvideo: Set capability in s_param (git-fixes).
  o net: bonding: debug: avoid printing debug logs when bond is not notifying
    peers (git-fixes).
  o net: fec: add missed clk_disable_unprepare in remove (git-fixes).
  o net: fec: Better handle pm_runtime_get() failing in .remove() (git-fixes).
  o net: fec: fix clock count mis-match (git-fixes).
  o net: fec: fix use-after-free in fec_drv_remove (git-fixes).
  o net: hisilicon: Fix dma_map_single failed on arm64 (git-fixes).
  o net: hisilicon: fix hip04-xmit never return TX_BUSY (git-fixes).
  o net: hisilicon: Fix usage of uninitialized variable in function
    mdio_sc_cfg_reg_write() (git-fixes).
  o net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes).
  o net: hns3: add compatible handling for MAC VLAN switch parameter
    configuration (git-fixes).
  o net: hns3: not allow SSU loopback while execute ethtool -t dev (git-fixes).
  o net: lpc-enet: fix printk format strings (git-fixes).
  o net: nfc: llcp: Add lock when modifying device list (git-fixes).
  o net: phy: dp83867: enable robust auto-mdix (git-fixes).
  o net: phy: initialise phydev speed and duplex sanely (git-fixes).
  o net: sfp: add mutex to prevent concurrent state checks (git-fixes).
  o net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
    context (git-fixes).
  o net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
  o net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off
    (git-fixes).
  o net/sched: tcindex: search key must be 16 bits (git-fixes).
  o nfsd: Do not refuse to serve out of cache (bsc#1220957).
  o PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
    (git-fixes).
  o s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220607).
  o stmmac: fix potential division by 0 (git-fixes).
  o tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
  o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
  o usb: host: fotg210: fix the endpoint's transactional opportunities
    calculation (git-fixes).
  o usb: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
    (bsc#1218527).
  o usb: musb: dsps: Fix the probe error path (git-fixes).
  o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
  o usb: musb: tusb6010: check return value after calling
    platform_get_resource() (git-fixes).
  o usb: typec: tcpci: clear the fault status bit (git-fixes).
  o wcn36xx: Fix (QoS) null data frame bitrate/modulation (git-fixes).
  o wcn36xx: Fix discarded frames due to wrong sequence number (git-fixes).
  o wcn36xx: fix RX BD rate mapping for 5GHz legacy rates (git-fixes).
  o x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
  o x86/bugs: Add asm helpers for executing VERW (bsc#1213456).
  o x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
    (git-fixes). Also add mds_user_clear to kABI severity as it's used purely
    for mitigation so it's low risk.
  o x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
  o x86/entry_32: Add VERW just before userspace transition (git-fixes).
  o x86/entry_64: Add VERW just before userspace transition (git-fixes).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-975=1
  o SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-975=1
  o SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-975=1

Package List:

  o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
       kernel-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
       kernel-azure-base-4.12.14-16.173.1
       kernel-azure-base-debuginfo-4.12.14-16.173.1
       kernel-azure-debugsource-4.12.14-16.173.1
       kernel-azure-debuginfo-4.12.14-16.173.1
       kernel-azure-devel-4.12.14-16.173.1
       kernel-syms-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
       kernel-source-azure-4.12.14-16.173.1
       kernel-devel-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
       kernel-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
       kernel-azure-base-4.12.14-16.173.1
       kernel-azure-base-debuginfo-4.12.14-16.173.1
       kernel-azure-debugsource-4.12.14-16.173.1
       kernel-azure-debuginfo-4.12.14-16.173.1
       kernel-azure-devel-4.12.14-16.173.1
       kernel-syms-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
       kernel-source-azure-4.12.14-16.173.1
       kernel-devel-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
       kernel-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise Server 12 SP5 (x86_64)
       kernel-azure-base-4.12.14-16.173.1
       kernel-azure-base-debuginfo-4.12.14-16.173.1
       kernel-azure-debugsource-4.12.14-16.173.1
       kernel-azure-debuginfo-4.12.14-16.173.1
       kernel-azure-devel-4.12.14-16.173.1
       kernel-syms-azure-4.12.14-16.173.1
  o SUSE Linux Enterprise Server 12 SP5 (noarch)
       kernel-source-azure-4.12.14-16.173.1
       kernel-devel-azure-4.12.14-16.173.1

References:

  o https://www.suse.com/security/cve/CVE-2019-25162.html
  o https://www.suse.com/security/cve/CVE-2020-36777.html
  o https://www.suse.com/security/cve/CVE-2020-36784.html
  o https://www.suse.com/security/cve/CVE-2021-33200.html
  o https://www.suse.com/security/cve/CVE-2021-46906.html
  o https://www.suse.com/security/cve/CVE-2021-46915.html
  o https://www.suse.com/security/cve/CVE-2021-46921.html
  o https://www.suse.com/security/cve/CVE-2021-46924.html
  o https://www.suse.com/security/cve/CVE-2021-46929.html
  o https://www.suse.com/security/cve/CVE-2021-46932.html
  o https://www.suse.com/security/cve/CVE-2021-46953.html
  o https://www.suse.com/security/cve/CVE-2021-46974.html
  o https://www.suse.com/security/cve/CVE-2021-46991.html
  o https://www.suse.com/security/cve/CVE-2021-46992.html
  o https://www.suse.com/security/cve/CVE-2021-47013.html
  o https://www.suse.com/security/cve/CVE-2021-47054.html
  o https://www.suse.com/security/cve/CVE-2021-47076.html
  o https://www.suse.com/security/cve/CVE-2021-47077.html
  o https://www.suse.com/security/cve/CVE-2021-47078.html
  o https://www.suse.com/security/cve/CVE-2022-20154.html
  o https://www.suse.com/security/cve/CVE-2022-48627.html
  o https://www.suse.com/security/cve/CVE-2023-28746.html
  o https://www.suse.com/security/cve/CVE-2023-35827.html
  o https://www.suse.com/security/cve/CVE-2023-46343.html
  o https://www.suse.com/security/cve/CVE-2023-52340.html
  o https://www.suse.com/security/cve/CVE-2023-52429.html
  o https://www.suse.com/security/cve/CVE-2023-52443.html
  o https://www.suse.com/security/cve/CVE-2023-52445.html
  o https://www.suse.com/security/cve/CVE-2023-52449.html
  o https://www.suse.com/security/cve/CVE-2023-52451.html
  o https://www.suse.com/security/cve/CVE-2023-52464.html
  o https://www.suse.com/security/cve/CVE-2023-52475.html
  o https://www.suse.com/security/cve/CVE-2023-52478.html
  o https://www.suse.com/security/cve/CVE-2023-52482.html
  o https://www.suse.com/security/cve/CVE-2023-52502.html
  o https://www.suse.com/security/cve/CVE-2023-52530.html
  o https://www.suse.com/security/cve/CVE-2023-52531.html
  o https://www.suse.com/security/cve/CVE-2023-52532.html
  o https://www.suse.com/security/cve/CVE-2023-52574.html
  o https://www.suse.com/security/cve/CVE-2023-52597.html
  o https://www.suse.com/security/cve/CVE-2023-52605.html
  o https://www.suse.com/security/cve/CVE-2023-6356.html
  o https://www.suse.com/security/cve/CVE-2023-6535.html
  o https://www.suse.com/security/cve/CVE-2023-6536.html
  o https://www.suse.com/security/cve/CVE-2024-0607.html
  o https://www.suse.com/security/cve/CVE-2024-1151.html
  o https://www.suse.com/security/cve/CVE-2024-23849.html
  o https://www.suse.com/security/cve/CVE-2024-23851.html
  o https://www.suse.com/security/cve/CVE-2024-26585.html
  o https://www.suse.com/security/cve/CVE-2024-26595.html
  o https://www.suse.com/security/cve/CVE-2024-26600.html
  o https://www.suse.com/security/cve/CVE-2024-26622.html
  o https://bugzilla.suse.com/show_bug.cgi?id=1050549
  o https://bugzilla.suse.com/show_bug.cgi?id=1186484
  o https://bugzilla.suse.com/show_bug.cgi?id=1200599
  o https://bugzilla.suse.com/show_bug.cgi?id=1212514
  o https://bugzilla.suse.com/show_bug.cgi?id=1213456
  o https://bugzilla.suse.com/show_bug.cgi?id=1217987
  o https://bugzilla.suse.com/show_bug.cgi?id=1217988
  o https://bugzilla.suse.com/show_bug.cgi?id=1217989
  o https://bugzilla.suse.com/show_bug.cgi?id=1218450
  o https://bugzilla.suse.com/show_bug.cgi?id=1218527
  o https://bugzilla.suse.com/show_bug.cgi?id=1218915
  o https://bugzilla.suse.com/show_bug.cgi?id=1219127
  o https://bugzilla.suse.com/show_bug.cgi?id=1219146
  o https://bugzilla.suse.com/show_bug.cgi?id=1219295
  o https://bugzilla.suse.com/show_bug.cgi?id=1219653
  o https://bugzilla.suse.com/show_bug.cgi?id=1219827
  o https://bugzilla.suse.com/show_bug.cgi?id=1219835
  o https://bugzilla.suse.com/show_bug.cgi?id=1220187
  o https://bugzilla.suse.com/show_bug.cgi?id=1220238
  o https://bugzilla.suse.com/show_bug.cgi?id=1220240
  o https://bugzilla.suse.com/show_bug.cgi?id=1220241
  o https://bugzilla.suse.com/show_bug.cgi?id=1220250
  o https://bugzilla.suse.com/show_bug.cgi?id=1220330
  o https://bugzilla.suse.com/show_bug.cgi?id=1220340
  o https://bugzilla.suse.com/show_bug.cgi?id=1220344
  o https://bugzilla.suse.com/show_bug.cgi?id=1220409
  o https://bugzilla.suse.com/show_bug.cgi?id=1220421
  o https://bugzilla.suse.com/show_bug.cgi?id=1220436
  o https://bugzilla.suse.com/show_bug.cgi?id=1220444
  o https://bugzilla.suse.com/show_bug.cgi?id=1220459
  o https://bugzilla.suse.com/show_bug.cgi?id=1220468
  o https://bugzilla.suse.com/show_bug.cgi?id=1220482
  o https://bugzilla.suse.com/show_bug.cgi?id=1220526
  o https://bugzilla.suse.com/show_bug.cgi?id=1220570
  o https://bugzilla.suse.com/show_bug.cgi?id=1220575
  o https://bugzilla.suse.com/show_bug.cgi?id=1220599
  o https://bugzilla.suse.com/show_bug.cgi?id=1220607
  o https://bugzilla.suse.com/show_bug.cgi?id=1220613
  o https://bugzilla.suse.com/show_bug.cgi?id=1220638
  o https://bugzilla.suse.com/show_bug.cgi?id=1220641
  o https://bugzilla.suse.com/show_bug.cgi?id=1220649
  o https://bugzilla.suse.com/show_bug.cgi?id=1220700
  o https://bugzilla.suse.com/show_bug.cgi?id=1220735
  o https://bugzilla.suse.com/show_bug.cgi?id=1220767
  o https://bugzilla.suse.com/show_bug.cgi?id=1220796
  o https://bugzilla.suse.com/show_bug.cgi?id=1220825
  o https://bugzilla.suse.com/show_bug.cgi?id=1220831
  o https://bugzilla.suse.com/show_bug.cgi?id=1220845
  o https://bugzilla.suse.com/show_bug.cgi?id=1220860
  o https://bugzilla.suse.com/show_bug.cgi?id=1220861
  o https://bugzilla.suse.com/show_bug.cgi?id=1220863
  o https://bugzilla.suse.com/show_bug.cgi?id=1220870
  o https://bugzilla.suse.com/show_bug.cgi?id=1220930
  o https://bugzilla.suse.com/show_bug.cgi?id=1220931
  o https://bugzilla.suse.com/show_bug.cgi?id=1220932
  o https://bugzilla.suse.com/show_bug.cgi?id=1220957
  o https://bugzilla.suse.com/show_bug.cgi?id=1221039
  o https://bugzilla.suse.com/show_bug.cgi?id=1221040
  o https://bugzilla.suse.com/show_bug.cgi?id=1221287

--------------------------END INCLUDED TEXT----------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================