Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-18123

kernel update [SLES15 SP6 6.4.0-150600.23.17.1]

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • Lustre 2.16.0
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
      bugfixes.

      The following security bugs were fixed:

      • CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices
        (bsc#1225601, bsc#1225600).
      • CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
      • CVE-2023-52751: smb: client: fix use-after-free in
        smb2_query_info_compound() (bsc#1225489).
      • CVE-2023-52775: net/smc: avoid data corruption caused by decline
        (bsc#1225088).
      • CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection
        dump (bsc#1220942).
      • CVE-2024-26623: pds_core: Prevent race issues involving the adminq
        (bsc#1221057).
      • CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
        ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
      • CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
      • CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding
        changes (bsc#1221659).
      • CVE-2024-26641: ip6_tunnel: make sure to pull inner header in
        __ip6_tnl_rcv() (bsc#1221654).
      • CVE-2024-26663: tipc: Check the bearer type before calling
        tipc_udp_nl_bearer_add() (bsc#1222326).
      • CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU
        error (bsc#1222328).
      • CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463).
      • CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in
        devlink_init() (bsc#1222438).
      • CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova
        (bsc#1222779).
      • CVE-2024-26826: mptcp: fix data re-injection from stale subflow
        (bsc#1223010).
      • CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node()
        (bsc#1223021).
      • CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate()
        (bsc#1223731).
      • CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set
        fails (bsc#1223804).
      • CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
      • CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807).
      • CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in
        __nft_obj_type_get() (bsc#1223813)
      • CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in
        __nft_expr_type_get() (bsc#1223815)
      • CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
      • CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in
        nf_tables_updchain (bsc#1223740).
      • CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on
        updates (bsc#1223836).
      • CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
      • CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422)
      • CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit
        (bsc#1224743).
      • CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
        (bsc#1224604).
      • CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
      • CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
      • CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
      • CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before
        exit_net release (bsc#1224499)
      • CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak
        (bsc#1224490)
      • CVE-2024-35934: net/smc: reduce rtnl pressure in
        smc_pnet_create_pnetids_list() (bsc#1224641)
      • CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to
        hdmimix domain (bsc#1224589).
      • CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf()
        (bsc#1224544).
      • CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
        (bsc#1224545)
      • CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
      • CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in
        fib6_rule_action() (bsc#1225719).
      • CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't
        be re-encrypted (bsc#1225744).
      • CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
      • CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
      • CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
        (bsc#1225752).
      • CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted()
        fails (bsc#1225753).
      • CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable
        (bsc#1225757).
      • CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation
        (bsc#1225851).
      • CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
        (bsc#1226519).
      • CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for
        ICMPv6 (bsc#1226783).
      • CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx
        packets (bsc#1226750).
      • CVE-2024-38598: md: fix resync softlockup when bitmap size is less than
        array size (bsc#1226757).
      • CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin
        (bsc#1226866).
      • CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port
        (bsc#1226883).
      • CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in
        ext4_xattr_block_cache_find() (bsc#1226993).
      • CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon()
        (bsc#1227103.
      • CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy
        h_size fixup (bsc#1227432).
      • CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with
        __GFP_NOFAIL (bsc#1227434).
      • CVE-2024-39482: bcache: fix variable length array abuse in btree_iter
        (bsc#1227447).
      • CVE-2024-39487: bonding: Fix out-of-bounds read in
        bond_option_arp_ip_targets_set() (bsc#1227573)
      • CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core
        (bsc#1227626).
      • CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name
        (bsc#1227716).
      • CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev
        replace (bsc#1227719).
      • CVE-2024-39498: drm/mst: Fix NULL pointer dereference at
        drm_dp_add_payload_part2 (bsc#1227723)
      • CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
      • CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload
        (bsc#1227757).
      • CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario
        (bsc#1227730).
      • CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-
        allocated memory (bsc#1227762).
      • CVE-2024-40906: net/mlx5: Always stop health timer during driver removal
        (bsc#1227763).
      • CVE-2024-40908: bpf: Set run context for rawtp test_run callback
        (bsc#1227783).
      • CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of
        released token in __hwrm_send() (bsc#1227779).
      • CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure
        (bsc#1227786).
      • CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789).
      • CVE-2024-40928: net: ethtool: fix the error condition in
        ethtool_get_phy_stats_ethtool() (bsc#1227788).
      • CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect
        (bsc#1227780).
      • CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD
        (bsc#1227797).
      • CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any()
        (bsc#1227836).
      • CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules
        creation fail (bsc#1227800).
      • CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section
        (bsc#1227803).
      • CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801).
      • CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in
        kvm_vcpu_on_spin() (bsc#1227806).
      • CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe()
        (bsc#1227813).
      • CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init()
        (bsc#1227814).
      • CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc
        (bsc#1227886).
      • CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
      • CVE-2024-40972: ext4: fold quota accounting into
        ext4_xattr_inode_lookup_create() (bsc#1227910).
      • CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in
        reverse order (bsc#1227926).
      • CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in
        __ext4_fill_super() (bsc#1227866).
      • CVE-2024-40999: net: ena: Add validation for completion descriptors
        consistency (bsc#1227913).
      • CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry()
        (bsc#1227862).
      • CVE-2024-41013: xfs: do not walk off the end of a directory data block
        (bsc#1228405).
      • CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data
        (bsc#1228408).
      • CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
      • CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
      • CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-18265 kernel update [SLES15 SP6 6.4.0-150600.23.22.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. LU-18159 kernel update [SLES15 SP6 6.4.0-150600.23.7.3]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: