SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:940-1
Container Tags        : suse/sle-micro-rancher/5.3:latest
Container Release     : 7.2.340
Severity              : important
Type                  : security
References            : 1211515 1213456 1214064 1218195 1218216 1218562 1218915 1219073
                        1219126 1219127 1219146 1219295 1219633 1219653 1219827 1219835
                        1220009 1220140 1220187 1220238 1220240 1220241 1220243 1220250
                        1220251 1220253 1220254 1220255 1220257 1220326 1220328 1220330
                        1220335 1220344 1220350 1220364 1220398 1220409 1220433 1220444
                        1220457 1220459 1220469 1220649 1220735 1220736 1220796 1220797
                        1220825 1220845 1220917 1220930 1220931 1220933
                        CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932
                        CVE-2021-46934 CVE-2021-47083 CVE-2022-48627 CVE-2023-28746
                        CVE-2023-5197 CVE-2023-52340 CVE-2023-52429 CVE-2023-52439
                        CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448
                        CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456
                        CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467
                        CVE-2023-52475 CVE-2023-52478 CVE-2023-52482 CVE-2023-52484
                        CVE-2023-52530 CVE-2023-52531 CVE-2023-52559 CVE-2023-6270
                        CVE-2023-6817 CVE-2024-0607 CVE-2024-1151 CVE-2024-23849
                        CVE-2024-23850 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586
                        CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595
                        CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26607
                        CVE-2024-26622
-----------------------------------------------------------------
The container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:900-1
Released:    Thu Mar 14 17:47:00 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1211515,1213456,1214064,1218195,1218216,1218562,1218915,1219073,1219126,
             1219127,1219146,1219295,1219633,1219653,1219827,1219835,1220009,1220140,
             1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,
             1220255,1220257,1220326,1220328,1220330,1220335,1220344,1220350,1220364,
             1220398,1220409,1220433,1220444,1220457,1220459,1220469,1220649,1220735,
             1220736,1220796,1220797,1220825,1220845,1220917,1220930,1220931,1220933,
             CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2021-46934,
             CVE-2021-47083,CVE-2022-48627,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,
             CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,
             CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,
             CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52467,CVE-2023-52475,
             CVE-2023-52478,CVE-2023-52482,CVE-2023-52484,CVE-2023-52530,CVE-2023-52531,
             CVE-2023-52559,CVE-2023-6270,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,
             CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-26585,CVE-2024-26586,
             CVE-2024-26589,CVE-2024-26591,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,
             CVE-2024-26602,CVE-2024-26603,CVE-2024-26607,CVE-2024-26622

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 "Packet Too Big" packets forcing a DoS of the Linux kernel by driving CPU usage to 100% (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).

The following non-security bugs were fixed:

- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).

The following package changes have been done:

- kernel-default-5.14.21-150400.24.111.2 updated