Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:0478-1
Rating:	important
References:	bsc#1108281 bsc#1193285 bsc#1215275 bsc#1216702 bsc#1217987 bsc#1217988 bsc#1217989 bsc#1218713 bsc#1218730 bsc#1218752 bsc#1218757 bsc#1218768 bsc#1218804 bsc#1218832 bsc#1218836 bsc#1219053 bsc#1219120 bsc#1219412 bsc#1219434
Cross-References:	CVE-2021-33631 CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-51043 CVE-2023-51780 CVE-2023-51782 CVE-2023-6040 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6915 CVE-2024-0565 CVE-2024-0775 CVE-2024-1086
CVSS scores:	CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 15 vulnerabilities and has four security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
• CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
• CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
• CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
• CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
• CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
• CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
• CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within nf_tables_newtable function (bsc#1218752).
• CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
• CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
• CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
• CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
• CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
• CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
• CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).

The following non-security bugs were fixed:

• build: Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
• docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
• mkspec: Include constraints for both multibuild and plain package always
• rpm/kernel-docs.spec.in: fix build with 6.8 Since upstream commit f061c9f7d058
• rpm/kernel-source.rpmlintrc: add action-ebpf Upstream commit a79d8ba734bd
• rpm/mkspec: use kernel-source: prefix for constraints on multibuild Otherwise the constraints are not applied with multibuild enabled.
• x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-478=1
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-478=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-478=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-478=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-478=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.178.1
  • kernel-default-livepatch-5.3.18-150200.24.178.1
  • kernel-default-debuginfo-5.3.18-150200.24.178.1
  • kernel-livepatch-5_3_18-150200_24_178-default-debuginfo-1-150200.5.3.1
  • kernel-livepatch-SLE15-SP2_Update_45-debugsource-1-150200.5.3.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.178.1
  • kernel-livepatch-5_3_18-150200_24_178-default-1-150200.5.3.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • gfs2-kmp-default-5.3.18-150200.24.178.1
  • dlm-kmp-default-5.3.18-150200.24.178.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.178.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.178.1
  • kernel-default-debugsource-5.3.18-150200.24.178.1
  • kernel-default-debuginfo-5.3.18-150200.24.178.1
  • ocfs2-kmp-default-5.3.18-150200.24.178.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.178.1
  • cluster-md-kmp-default-5.3.18-150200.24.178.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.178.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.178.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-default-5.3.18-150200.24.178.1
  • kernel-preempt-5.3.18-150200.24.178.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-preempt-debuginfo-5.3.18-150200.24.178.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.178.1
  • kernel-default-debugsource-5.3.18-150200.24.178.1
  • kernel-default-devel-5.3.18-150200.24.178.1
  • kernel-preempt-devel-5.3.18-150200.24.178.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.178.1
  • kernel-obs-build-5.3.18-150200.24.178.1
  • kernel-default-debuginfo-5.3.18-150200.24.178.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.178.1
  • kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1
  • kernel-preempt-debugsource-5.3.18-150200.24.178.1
  • kernel-syms-5.3.18-150200.24.178.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.178.1
  • kernel-macros-5.3.18-150200.24.178.1
  • kernel-source-5.3.18-150200.24.178.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  • kernel-default-devel-debuginfo-5.3.18-150200.24.178.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.178.1
  • kernel-default-debugsource-5.3.18-150200.24.178.1
  • kernel-default-devel-5.3.18-150200.24.178.1
  • kernel-obs-build-5.3.18-150200.24.178.1
  • kernel-default-debuginfo-5.3.18-150200.24.178.1
  • reiserfs-kmp-default-5.3.18-150200.24.178.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.178.1
  • kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1
  • kernel-syms-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.178.1
  • kernel-macros-5.3.18-150200.24.178.1
  • kernel-source-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-preempt-devel-5.3.18-150200.24.178.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.178.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.178.1
  • kernel-preempt-debugsource-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  • kernel-default-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  • kernel-default-devel-debuginfo-5.3.18-150200.24.178.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.178.1
  • kernel-default-debugsource-5.3.18-150200.24.178.1
  • kernel-default-devel-5.3.18-150200.24.178.1
  • kernel-obs-build-5.3.18-150200.24.178.1
  • kernel-default-debuginfo-5.3.18-150200.24.178.1
  • reiserfs-kmp-default-5.3.18-150200.24.178.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.178.1
  • kernel-default-base-5.3.18-150200.24.178.1.150200.9.91.1
  • kernel-syms-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.178.1
  • kernel-macros-5.3.18-150200.24.178.1
  • kernel-source-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.178.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  • kernel-preempt-devel-5.3.18-150200.24.178.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.178.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.178.1
  • kernel-preempt-debugsource-5.3.18-150200.24.178.1

References:

• https://www.suse.com/security/cve/CVE-2021-33631.html
• https://www.suse.com/security/cve/CVE-2023-46838.html
• https://www.suse.com/security/cve/CVE-2023-47233.html
• https://www.suse.com/security/cve/CVE-2023-4921.html
• https://www.suse.com/security/cve/CVE-2023-51043.html
• https://www.suse.com/security/cve/CVE-2023-51780.html
• https://www.suse.com/security/cve/CVE-2023-51782.html
• https://www.suse.com/security/cve/CVE-2023-6040.html
• https://www.suse.com/security/cve/CVE-2023-6356.html
• https://www.suse.com/security/cve/CVE-2023-6535.html
• https://www.suse.com/security/cve/CVE-2023-6536.html
• https://www.suse.com/security/cve/CVE-2023-6915.html
• https://www.suse.com/security/cve/CVE-2024-0565.html
• https://www.suse.com/security/cve/CVE-2024-0775.html
• https://www.suse.com/security/cve/CVE-2024-1086.html
• https://bugzilla.suse.com/show_bug.cgi?id=1108281
• https://bugzilla.suse.com/show_bug.cgi?id=1193285
• https://bugzilla.suse.com/show_bug.cgi?id=1215275
• https://bugzilla.suse.com/show_bug.cgi?id=1216702
• https://bugzilla.suse.com/show_bug.cgi?id=1217987
• https://bugzilla.suse.com/show_bug.cgi?id=1217988
• https://bugzilla.suse.com/show_bug.cgi?id=1217989
• https://bugzilla.suse.com/show_bug.cgi?id=1218713
• https://bugzilla.suse.com/show_bug.cgi?id=1218730
• https://bugzilla.suse.com/show_bug.cgi?id=1218752
• https://bugzilla.suse.com/show_bug.cgi?id=1218757
• https://bugzilla.suse.com/show_bug.cgi?id=1218768
• https://bugzilla.suse.com/show_bug.cgi?id=1218804
• https://bugzilla.suse.com/show_bug.cgi?id=1218832
• https://bugzilla.suse.com/show_bug.cgi?id=1218836
• https://bugzilla.suse.com/show_bug.cgi?id=1219053
• https://bugzilla.suse.com/show_bug.cgi?id=1219120
• https://bugzilla.suse.com/show_bug.cgi?id=1219412
• https://bugzilla.suse.com/show_bug.cgi?id=1219434