Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-17864

kernel update [SLES15 SP5 5.14.21-150500.55.62.2]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • Lustre 2.16.0, Lustre 2.15.5
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
      bugfixes.

      The following security bugs were fixed:

      • CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case
        (bsc#1222596).
      • CVE-2024-27389: Fixed pstore inode handling with d_invalidate()
        (bsc#1223705).
      • CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
      • CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists
        (bsc#1223822).
      • CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure
        (bsc#1223827).
      • CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places
        (bsc#1223824).
      • CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in
        amdgpu_dm_fini() (bsc#1223714).
      • CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree()
        (bsc#1223821).
      • CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
      • CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts
        (bsc#1223790).
      • CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS
        (bsc#1223735).
      • CVE-2024-27013: Fixed tun limit printing rate when illegal packet received
        by tun device (bsc#1223745).
      • CVE-2024-26993: Fixed fs/sysfs reference leak in
        sysfs_break_active_protection() (bsc#1223693).
      • CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value
        of zero (bsc#1223634).
      • CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table
        arrays (bsc#1223644).
      • CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table
        arrays (bsc#1223645).
      • CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table
        arrays (bsc#1223646).
      • CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table
        arrays (bsc#1223648).
      • CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and
        swapoff() (bsc#1223655).
      • CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead
        instead of empty list (bsc#1223660).
      • CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead
        of peer (bsc#1223661).
      • CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in
        dc_state_release (bsc#1223664).
      • CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch
        (bsc#1223525).
      • CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent
        kernel-infoleak (bsc#1223198).
      • CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
      • CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC
        transport cleanup path (bsc#1223196).
      • CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches
        (bsc#1223190).
      • CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches
        (bsc#1223189).
      • CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches
        (bsc#1223035).
      • CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in
        ip_tunnel_rcv() (bsc#1223034).
      • CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08
        devices (bsc#1223041).
      • CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps
        (bsc#1223066).
      • CVE-2024-26878: Fixed quota for potential NULL pointer dereference
        (bsc#1223060).
      • CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant
        spi_controller_put call (bsc#1223024).
      • CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing
        (bsc#1223111).
      • CVE-2024-26861: Fixed wireguard/receive annotate data-race around
        receiving_counter.counter (bsc#1223076).
      • CVE-2024-26857: Fixed geneve to make sure to pull inner header in
        geneve_rx() (bsc#1223058).
      • CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry
        (bsc#1223052).
      • CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in
        ice_bridge_setlink() (bsc#1223051).
      • CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT
        (bsc#1223061).
      • CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in
        ip6_route_mpath_notify() (bsc#1223057).
      • CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
      • CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for
        workstations (bsc#1222968).
      • CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove
        administratively set MAC (bsc#1223012).
      • CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid
        integer overflow (bsc#1222812).
      • CVE-2024-26816: Fixed relocations in .notes section when building with
        CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
      • CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM
        hooks (bsc#1222801).
      • CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in
        netlink (bsc#1222630).
      • CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink()
        in gtp (bsc#1222428).
      • CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a
        wrong zone index (bsc#1222615).
      • CVE-2024-26773: Fixed ext4 block allocation from corrupted group in
        ext4_mb_try_best_found() (bsc#1222618).
      • CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group
        in ext4_mb_find_by_goal() (bsc#1222613).
      • CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine
        ti edma (bsc#1222610)
      • CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
        (bsc#1222726).
      • CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct
        aio_kiocb conversion (bsc#1222721).
      • CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on
        device in dm-crypt (bsc#1222720).
      • CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in
        gtp_genl_dump_pdp() in gtp (bsc#1222632).
      • CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table
        (bsc#1222724).
      • CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid
        parameter in rdma/srpt (bsc#1222449).
      • CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in
        rdma/qedr (bsc#1222677).
      • CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free
        and bpf_timer_cancel (bsc#1222557).
      • CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
      • CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already
        gets read (bsc#1222536).
      • CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
      • CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len
        in ext4 (bsc#1222422).
      • CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers()
        (bsc#1222549).
      • CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
      • CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup
        (bsc#1222435).
      • CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write
        (bsc#1222437).
      • CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA
        channels (bsc#1222445).
      • CVE-2024-26681: Fixed netdevsim to avoid potential loop in
        nsim_dev_trap_report_work() (bsc#1222431).
      • CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring
        (bsc#1222427).
      • CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
      • CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization
        (bsc#1222368).
      • CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
      • CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder
        creation (bsc#1222266).
      • CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
      • CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
      • CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay
        (bsc#1220342).
      • CVE-2024-23850: Fixed double free of anonymous device after snapshot
        creation failure (bsc#1219126).
      • CVE-2024-23848: Fixed media/cec for possible use-after-free in
        cec_queue_msg_fh (bsc#1219104).
      • CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
        and ARM md, raid, raid5 modules (bsc#1219169).
      • CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
        (bsc#1219170).
      • CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
        function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
      • CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock
        found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
      • CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
        (bsc#1218562).
      • CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device()
        (bsc#1223686).
      • CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd
        (bsc#1223033).
      • CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in
        msgr2 (bsc#1222247).
      • CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop]
        (bsc#1222294).
      • CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace
        (bsc#1222051).
      • CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous
        sets never used from userspace (bsc#1221825).
      • CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in
        mpi_ec_init (bsc#1221612).
      • CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show
        (bsc#1221617).
      • CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in
        wfx_set_mfp_ap() (bsc#1221042).
      • CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
        directory renaming (bsc#1221044).
      • CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory
        renaming (bsc#1221088).
      • CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
      • CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in
        amdgpu_ras_query_error_status_helper() (bsc#1221080).
      • CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash
        memory region (bsc#1220935).
      • CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in
        amdtee_close_session (bsc#1220915).
      • CVE-2023-52488: Fixed serial/sc16is7xx convert from raw to noinc regmap
        functions for FIFO (bsc#1221162).
      • CVE-2022-48662: Fixed a general protection fault (GPF) in
        i915_perf_open_ioctl (bsc#1223505).
      • CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails
        (bsc#1223498).
      • CVE-2022-48658: Fixed mm/slub to avoid a problem in
        flush_cpu_slab()/__free_slab() task context (bsc#1223496).
      • CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
        skb->mac_header (bsc#1223513).
      • CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at
        nf_tables_addchain() (bsc#1223478).
      • CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in
        bond_rr_gen_slave_id (bsc#1223499).
      • CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries
        == 0 and eh_depth > 0 (bsc#1223475).
      • CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in
        hugetlb_mcopy_atomic_pte() (bsc#1222710).
      • CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions
        (bsc#1222878)
      • CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within
        drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
      • CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex
        (bsc#1222832).
      • CVE-2021-47189: Fixed denial of service due to memory ordering issues
        between normal and ordered work functions in btrfs (bsc#1222706).
      • CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer
        (bsc#1222669).
      • CVE-2021-47183: Fixed a null pointer dereference during link down processing
        in scsi lpfc (bsc#1192145, bsc#1222664).
      • CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling
        (bsc#1222662).
      • CVE-2021-47181: Fixed a null pointer dereference caused by calling
        platform_get_resource() (bsc#1222660).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html

      Attachments

        Issue Links

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: