Main Vulnerability Database SB2024070826

SB2024070826 - SUSE update for the Linux Kernel

Published: July 8, 2024

Security Bulletin ID SB2024070826

Severity

Medium

Patch available

YES

Number of vulnerabilities 89

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 89 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2021-47047)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the zynqmp_qspi_irq(), zynqmp_qspi_setuprxdma(), zynqmp_qspi_write_op(), zynqmp_qspi_exec_op() and zynqmp_qspi_probe() functions in drivers/spi/spi-zynqmp-gqspi.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2021-47181)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.

3) Buffer overflow (CVE-ID: CVE-2021-47182)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

4) NULL pointer dereference (CVE-ID: CVE-2021-47183)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2021-47184)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

6) Improper locking (CVE-ID: CVE-2021-47185)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.

7) Improper locking (CVE-ID: CVE-2021-47187)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/arm64/boot/dts/qcom/msm8998.dtsi. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2021-47188)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.

9) Race condition (CVE-ID: CVE-2021-47189)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.

10) Out-of-bounds read (CVE-ID: CVE-2021-47191)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

11) State Issues (CVE-ID: CVE-2021-47192)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error during iSCSI recovery within the store_state_field() function in drivers/scsi/scsi_sysfs.c. A local user can perform a denial of service (DoS) attack.

12) Memory leak (CVE-ID: CVE-2021-47193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pm8001_init_ccb_tag(), pm8001_pci_remove() and remove() functions in drivers/scsi/pm8001/pm8001_init.c. A local user can perform a denial of service (DoS) attack.

13) Improper initialization (CVE-ID: CVE-2021-47194)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.

14) Use-after-free (CVE-ID: CVE-2021-47195)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the spi_unregister_controller() function in drivers/spi/spi.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2021-47196)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the create_qp() function in drivers/infiniband/core/verbs.c. A local user can escalate privileges on the system.

16) NULL pointer dereference (CVE-ID: CVE-2021-47197)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_debug_cq_remove() function in drivers/net/ethernet/mellanox/mlx5/core/debugfs.c, within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2021-47198)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.

18) Memory leak (CVE-ID: CVE-2021-47199)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the parse_tc_nic_actions() and parse_tc_fdb_actions() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c, within the mlx5_tc_ct_match_add(), mlx5_tc_ct_parse_action() and __mlx5_tc_ct_flow_offload_clear() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.

19) Use-after-free (CVE-ID: CVE-2021-47200)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_gem_prime_mmap() function in drivers/gpu/drm/drm_prime.c. A local user can escalate privileges on the system.

20) Resource management error (CVE-ID: CVE-2021-47201)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2021-47202)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.

22) Buffer overflow (CVE-ID: CVE-2021-47203)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2021-47204)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

24) Memory leak (CVE-ID: CVE-2021-47205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.

25) NULL pointer dereference (CVE-ID: CVE-2021-47206)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.

26) NULL pointer dereference (CVE-ID: CVE-2021-47207)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2021-47209)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rq_of_rt_se() and rt_rq_of_se() functions in kernel/sched/rt.c, within the free_fair_sched_group() and unregister_fair_sched_group() functions in kernel/sched/fair.c, within the sched_free_group(), sched_online_group(), cpu_cgroup_css_released() and cpu_cgroup_css_free() functions in kernel/sched/core.c, within the autogroup_destroy() function in kernel/sched/autogroup.c. A local user can escalate privileges on the system.

28) Input validation error (CVE-ID: CVE-2021-47210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tps6598x_block_read() function in drivers/usb/typec/tps6598x.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2021-47211)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

30) Error Handling (CVE-ID: CVE-2021-47212)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect error handling within the mlx5_internal_err_ret_value() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

31) Buffer overflow (CVE-ID: CVE-2021-47215)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DECLARE_BITMAP(), resync_handle_seq_match(), mlx5e_ktls_add_rx() and mlx5e_ktls_rx_handle_resync_list() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c. A local user can perform a denial of service (DoS) attack.

32) Memory leak (CVE-ID: CVE-2021-47216)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.

33) NULL pointer dereference (CVE-ID: CVE-2021-47217)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

34) NULL pointer dereference (CVE-ID: CVE-2021-47218)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hashtab_compute_size() function in security/selinux/ss/hashtab.c. A local user can perform a denial of service (DoS) attack.

35) Out-of-bounds read (CVE-ID: CVE-2021-47219)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

36) Improper locking (CVE-ID: CVE-2022-48631)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_ext_check() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

37) Use-after-free (CVE-ID: CVE-2022-48637)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bnxt_tx_int() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.

38) Input validation error (CVE-ID: CVE-2022-48638)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cgroup_get_from_id() function in kernel/cgroup/cgroup.c. A local user can perform a denial of service (DoS) attack.

39) NULL pointer dereference (CVE-ID: CVE-2022-48647)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_probe_interrupts() function in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.

40) NULL pointer dereference (CVE-ID: CVE-2022-48648)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_hard_start_xmit() function in drivers/net/ethernet/sfc/tx.c. A local user can perform a denial of service (DoS) attack.

41) Memory leak (CVE-ID: CVE-2022-48650)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

42) Out-of-bounds read (CVE-ID: CVE-2022-48651)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.

43) Improper locking (CVE-ID: CVE-2022-48653)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ice_schedule_reset() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

44) Memory leak (CVE-ID: CVE-2022-48654)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the nf_osf_find() function in net/netfilter/nfnetlink_osf.c. A local user can gain access to sensitive information.

45) Out-of-bounds read (CVE-ID: CVE-2022-48655)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.

46) Information disclosure (CVE-ID: CVE-2022-48656)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the of_xudma_dev_get() function in drivers/dma/ti/k3-udma-private.c. A local user can perform a denial of service (DoS) attack.

47) Buffer overflow (CVE-ID: CVE-2022-48657)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to memory corruption within the validate_cpu_freq_invariance_counters() function in arch/arm64/kernel/topology.c. A local user can execute arbitrary code.

48) Resource management error (CVE-ID: CVE-2022-48660)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the lineevent_create() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.

49) Resource management error (CVE-ID: CVE-2022-48662)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to resource management error within the i915_gem_context_release() and context_close() functions in drivers/gpu/drm/i915/gem/i915_gem_context.c. A local user can execute arbitrary code.

50) NULL pointer dereference (CVE-ID: CVE-2022-48663)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gpio_mockup_init() function in drivers/gpio/gpio-mockup.c. A local user can perform a denial of service (DoS) attack.

51) Resource management error (CVE-ID: CVE-2022-48667)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the smb3_insert_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.

52) Resource management error (CVE-ID: CVE-2022-48668)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the smb3_collapse_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.

53) Improper locking (CVE-ID: CVE-2023-0160)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

54) Out-of-bounds read (CVE-ID: CVE-2023-52476)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.

55) Memory leak (CVE-ID: CVE-2023-52500)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.

56) Improper locking (CVE-ID: CVE-2023-52590)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_rename() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.

57) Improper locking (CVE-ID: CVE-2023-52591)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.

58) NULL pointer dereference (CVE-ID: CVE-2023-52607)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.

59) Improper Initialization (CVE-ID: CVE-2023-52616)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.

60) Stack-based buffer overflow (CVE-ID: CVE-2023-52628)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

61) Use-after-free (CVE-ID: CVE-2023-6270)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

62) NULL pointer dereference (CVE-ID: CVE-2023-7042)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

63) Memory leak (CVE-ID: CVE-2023-7192)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.

64) NULL pointer dereference (CVE-ID: CVE-2024-0841)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.

65) NULL pointer dereference (CVE-ID: CVE-2024-22099)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

66) Integer overflow (CVE-ID: CVE-2024-23307)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

67) Use-after-free (CVE-ID: CVE-2024-23848)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.

68) Reachable Assertion (CVE-ID: CVE-2024-23850)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

69) Code Injection (CVE-ID: CVE-2024-25742)

The vulnerability allows a malicious hypervisor to escalate privileges on the system.

The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.

70) Improper locking (CVE-ID: CVE-2024-26601)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

71) Buffer overflow (CVE-ID: CVE-2024-26610)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

72) Resource management error (CVE-ID: CVE-2024-26614)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.

73) Improper access control (CVE-ID: CVE-2024-26642)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.

74) Improper locking (CVE-ID: CVE-2024-26687)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.

75) NULL pointer dereference (CVE-ID: CVE-2024-26688)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.

76) Use-after-free (CVE-ID: CVE-2024-26689)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.

77) Double free (CVE-ID: CVE-2024-26704)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.

78) Reachable assertion (CVE-ID: CVE-2024-26727)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

79) Buffer overflow (CVE-ID: CVE-2024-26733)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

80) Use-after-free (CVE-ID: CVE-2024-26739)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.

81) Resource management error (CVE-ID: CVE-2024-26764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

82) Off-by-one (CVE-ID: CVE-2024-26766)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.

83) Improper locking (CVE-ID: CVE-2024-26773)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

84) Double free (CVE-ID: CVE-2024-26792)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

85) Memory leak (CVE-ID: CVE-2024-26816)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.

86) Use-after-free (CVE-ID: CVE-2024-26898)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

87) NULL pointer dereference (CVE-ID: CVE-2024-26903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

88) Use-after-free (CVE-ID: CVE-2024-27043)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

89) Resource management error (CVE-ID: CVE-2024-27389)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20241641-1/

Vulnerable Software

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
openSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise High Availability Extension 15: SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
openSUSE Leap: 15.4
cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.119.1
kernel-64kb-extra: before 5.14.21-150400.24.119.1
dtb-allwinner: before 5.14.21-150400.24.119.1
kernel-64kb-optional: before 5.14.21-150400.24.119.1
kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.119.1
dtb-sprd: before 5.14.21-150400.24.119.1
dtb-qcom: before 5.14.21-150400.24.119.1
dtb-apple: before 5.14.21-150400.24.119.1
dtb-cavium: before 5.14.21-150400.24.119.1
kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.119.1
dtb-exynos: before 5.14.21-150400.24.119.1
ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.119.1
dtb-amd: before 5.14.21-150400.24.119.1
dtb-broadcom: before 5.14.21-150400.24.119.1
dtb-hisilicon: before 5.14.21-150400.24.119.1
dtb-amlogic: before 5.14.21-150400.24.119.1
cluster-md-kmp-64kb: before 5.14.21-150400.24.119.1
dtb-xilinx: before 5.14.21-150400.24.119.1
dtb-socionext: before 5.14.21-150400.24.119.1
dtb-lg: before 5.14.21-150400.24.119.1
dtb-altera: before 5.14.21-150400.24.119.1
reiserfs-kmp-64kb: before 5.14.21-150400.24.119.1
dtb-renesas: before 5.14.21-150400.24.119.1
gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.119.1
dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.119.1
dtb-marvell: before 5.14.21-150400.24.119.1
dtb-arm: before 5.14.21-150400.24.119.1
reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.119.1
gfs2-kmp-64kb: before 5.14.21-150400.24.119.1
dlm-kmp-64kb: before 5.14.21-150400.24.119.1
dtb-amazon: before 5.14.21-150400.24.119.1
dtb-mediatek: before 5.14.21-150400.24.119.1
kernel-64kb-livepatch-devel: before 5.14.21-150400.24.119.1
ocfs2-kmp-64kb: before 5.14.21-150400.24.119.1
dtb-apm: before 5.14.21-150400.24.119.1
kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.119.1
dtb-freescale: before 5.14.21-150400.24.119.1
kselftests-kmp-64kb: before 5.14.21-150400.24.119.1
dtb-rockchip: before 5.14.21-150400.24.119.1
dtb-nvidia: before 5.14.21-150400.24.119.1
dtb-aarch64: before 5.14.21-150400.24.119.1
kernel-kvmsmall: before 5.14.21-150400.24.119.1
kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.119.1
kselftests-kmp-default: before 5.14.21-150400.24.119.1
kernel-default-optional: before 5.14.21-150400.24.119.1
kernel-default-optional-debuginfo: before 5.14.21-150400.24.119.1
kernel-obs-qa: before 5.14.21-150400.24.119.1
kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.119.1
kernel-default-base-rebuild: before 5.14.21-150400.24.119.1.150400.24.56.1
kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.119.1
kernel-kvmsmall-devel: before 5.14.21-150400.24.119.1
kernel-kvmsmall-debugsource: before 5.14.21-150400.24.119.1
kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.119.1
kernel-debug-devel-debuginfo: before 5.14.21-150400.24.119.1
kernel-debug-devel: before 5.14.21-150400.24.119.1
kernel-debug-debugsource: before 5.14.21-150400.24.119.1
kernel-debug-livepatch-devel: before 5.14.21-150400.24.119.1
kernel-debug-debuginfo: before 5.14.21-150400.24.119.1
kernel-debug: before 5.14.21-150400.24.119.1
kernel-docs-html: before 5.14.21-150400.24.119.1
kernel-source-vanilla: before 5.14.21-150400.24.119.1
kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.119.1
kernel-zfcpdump-debugsource: before 5.14.21-150400.24.119.1
kernel-zfcpdump: before 5.14.21-150400.24.119.1
kernel-default-extra-debuginfo: before 5.14.21-150400.24.119.1
kernel-default-extra: before 5.14.21-150400.24.119.1
kernel-docs: before 5.14.21-150400.24.119.1
kernel-source: before 5.14.21-150400.24.119.1
kernel-macros: before 5.14.21-150400.24.119.1
kernel-devel: before 5.14.21-150400.24.119.1
kernel-obs-build-debugsource: before 5.14.21-150400.24.119.1
reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.119.1
kernel-obs-build: before 5.14.21-150400.24.119.1
kernel-default-devel-debuginfo: before 5.14.21-150400.24.119.1
kernel-default-devel: before 5.14.21-150400.24.119.1
reiserfs-kmp-default: before 5.14.21-150400.24.119.1
kernel-syms: before 5.14.21-150400.24.119.1
kernel-64kb-debugsource: before 5.14.21-150400.24.119.1
kernel-64kb-debuginfo: before 5.14.21-150400.24.119.1
kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.119.1
kernel-64kb-devel: before 5.14.21-150400.24.119.1
kernel-64kb: before 5.14.21-150400.24.119.1
dlm-kmp-default: before 5.14.21-150400.24.119.1
cluster-md-kmp-default: before 5.14.21-150400.24.119.1
dlm-kmp-default-debuginfo: before 5.14.21-150400.24.119.1
gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.119.1
ocfs2-kmp-default: before 5.14.21-150400.24.119.1
cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.119.1
gfs2-kmp-default: before 5.14.21-150400.24.119.1
ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.119.1
kernel-livepatch-5_14_21-150400_24_119-default-debuginfo: before 1-150400.9.3.1
kernel-default-livepatch: before 5.14.21-150400.24.119.1
kernel-livepatch-5_14_21-150400_24_119-default: before 1-150400.9.3.1
kernel-livepatch-SLE15-SP4_Update_26-debugsource: before 1-150400.9.3.1
kernel-default-livepatch-devel: before 5.14.21-150400.24.119.1
kernel-default-debuginfo: before 5.14.21-150400.24.119.1
kernel-default-debugsource: before 5.14.21-150400.24.119.1
kernel-default-base: before 5.14.21-150400.24.119.1.150400.24.56.1
kernel-default: before 5.14.21-150400.24.119.1

SB2024070826 - SUSE update for the Linux Kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human