SB2024121750 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 23 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2023-52922)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.

2) Double free (CVE-ID: CVE-2024-26782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2024-44932)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idpf_vport_intr_napi_dis_all() and idpf_vport_intr_rel() functions in drivers/net/ethernet/intel/idpf/idpf_txrx.c, within the idpf_vport_stop(), idpf_vport_open() and idpf_send_map_unmap_queue_vector_msg() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can escalate privileges on the system.

4) Memory leak (CVE-ID: CVE-2024-44964)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the idpf_rx_init_buf_tail(), idpf_vport_open(), idpf_init_task(), idpf_initiate_soft_reset() and idpf_open() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2024-47757)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

6) Input validation error (CVE-ID: CVE-2024-50017)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.

7) Input validation error (CVE-ID: CVE-2024-50089)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.

8) Out-of-bounds read (CVE-ID: CVE-2024-50115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2024-50125)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.

10) Use-after-free (CVE-ID: CVE-2024-50127)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2024-50154)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

12) Use of uninitialized resource (CVE-ID: CVE-2024-50205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

13) Input validation error (CVE-ID: CVE-2024-50259)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2024-50264)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2024-50267)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

16) Improper locking (CVE-ID: CVE-2024-50274)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the idpf_handle_event_link() function in drivers/net/ethernet/intel/idpf/idpf_virtchnl.c, within the idpf_initiate_soft_reset() function in drivers/net/ethernet/intel/idpf/idpf_lib.c, within the idpf_set_msglevel() function in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.

17) Out-of-bounds read (CVE-ID: CVE-2024-50279)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

18) Integer underflow (CVE-ID: CVE-2024-50290)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

19) Out-of-bounds read (CVE-ID: CVE-2024-50301)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

20) Memory leak (CVE-ID: CVE-2024-50302)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

21) Buffer overflow (CVE-ID: CVE-2024-53061)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

22) Resource management error (CVE-ID: CVE-2024-53063)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2024-53068)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), __scmi_device_destroy() and __scmi_device_create() functions in drivers/firmware/arm_scmi/bus.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2024/suse-su-20244346-1/