Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-18000

kernel update [SLES15 SP5 5.14.21-150500.55.68.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • Lustre 2.16.0, Lustre 2.15.6
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
      bugfixes.

      The following security bugs were fixed:

      • CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
      • CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
      • CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
      • CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
        filter (tcindex) (bsc#1210335).
      • CVE-2023-42755: Check user supplied offsets (bsc#1215702).
      • CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
      • CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
      • CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
      • CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
      • CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
      • CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
      • CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1
        (bsc#1224729).
      • CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
      • CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
      • CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config()
        (bsc#1224628).
      • CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621)
      • CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr()
        (bsc#1225114)
      • CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
      • CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
      • CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
      • CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is
        read via debugfs (bsc#1225097).
      • CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
      • CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
        garbage collector's deletion of SKB races with unix_stream_read_generic()on
        the socket that the SKB is queued on (bsc#1218447).
      • CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
      • CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with
        timeout (bsc#1221829).
      • CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error()
        (bsc#1222385).
      • CVE-2024-26692: Fixed regression in writes when non-standard maximum write
        size negotiated (bsc#1222464).
      • CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870)
      • CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend
        (bsc#1222561).
      • CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
      • CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
      • CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
      • CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage
        (bsc#1222770)
      • CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
      • CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts
        (bsc#1223011).
      • CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
      • CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
      • CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
      • CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
      • CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment
        in mlx5 (bsc#1223203).
      • CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
      • CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
      • CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
      • CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path
        (bsc#1223390).
      • CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show()
        (bsc#1223532).
      • CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
      • CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
      • CVE-2024-27042: Fixed potential out-of-bounds access in
        'amdgpu_discovery_reg_base_init()' (bsc#1223823).
      • CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
      • CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
      • CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
        (bsc#1224174).
      • CVE-2024-27401: Fixed user_length taken into account when fetching packet
        contents (bsc#1224181).
      • CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
      • CVE-2024-27417: Fixed potential "struct net" leak in inet6_rtm_getaddr()
        (bsc#1224721)
      • CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
      • CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP
        program (bsc#1224718).
      • CVE-2024-35791: Flush pages under kvm->lock to fix UAF in
        svm_register_enc_region() (bsc#1224725).
      • CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
      • CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty
        (bsc#1224638).
      • CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
      • CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
      • CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
      • CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround
        (bsc#1224531).
      • CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
        (bsc#1224766).
      • CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
        (bsc#1224764).
      • CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
        (bsc#1224763).
      • CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
        (bsc#1224765,).
      • CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break()
        (bsc#1224668).
      • CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
      • CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
      • CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write()
        (bsc#1224678).
      • CVE-2024-35869: Guarantee refcounted children from parent session
        (bsc#1224679).
      • CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020,
        bsc#1224672).
      • CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
      • CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems
        (bsc#1224665).
      • CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
      • CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf()
        (bsc#1224671).
      • CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
      • CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
      • CVE-2024-35904: Fixed dereference of garbage after mount failure
        (bsc#1224494).
      • CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
      • CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
      • CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
      • CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure
        (bsc#1224535).
      • CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init
        (bsc#1224649).
      • CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host()
        (bsc#1224648).
      • CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr()
        (bsc#1224701).
      • CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
      • CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
      • CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and
        ipv6_del_addr (bsc#1224580).
      • CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
      • CVE-2024-35976: Validate user input for XDP_ {UMEM|COMPLETION}

        _FILL_RING
        (bsc#1224575).

      • CVE-2024-35998: Fixed lock ordering potential deadlock in
        cifs_sync_mid_result (bsc#1224549).
      • CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
      • CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
      • CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
      • CVE-2024-36938: Fixed NULL pointer dereference in
        sk_psock_skb_ingress_enqueue (bsc#1225761).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-18156 kernel update [SLES15 SP5 5.14.21-150500.55.73.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-17883 kernel update [SLES15 SP5 5.14.21-150500.55.65.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: