SUSE Container Update Advisory: 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1548-1
Container Tags        : suse/sle-micro-rancher/5.4:latest
Container Release     : 3.2.244
Severity              : important
Type                  : security
References            : 1200599 1209635 1212514 1213456 1217987 1217988 1217989 1220237
                        1220251 1220320 1220340 1220366 1220411 1220413 1220439 1220443
                        1220445 1220466 1220478 1220482 1220484 1220486 1220487 1220790
                        1220831 1220833 1220836 1220839 1220840 1220843 1220870 1220871
                        1220872 1220878 1220879 1220885 1220898 1220918 1220920 1220921
                        1220926 1220927 1220929 1220932 1220938 1220940 1220954 1220955
                        1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981
                        1220982 1220983 1220985 1220986 1220987 1220989 1220990 1221009
                        1221012 1221015 1221022 1221039 1221040 1221048 1221055 1221058
                        1221077 1221276 1221551 1221553 1221725 1222073 1222619 CVE-2021-46925
                        CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931
                        CVE-2021-46933 CVE-2021-46936 CVE-2021-47082 CVE-2021-47087 CVE-2021-47091
                        CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097
                        CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102
                        CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-20154
                        CVE-2022-4744 CVE-2022-48626 CVE-2022-48629 CVE-2022-48630 CVE-2023-28746
                        CVE-2023-35827 CVE-2023-52447 CVE-2023-52450 CVE-2023-52454 CVE-2023-52469
                        CVE-2023-52470 CVE-2023-52474 CVE-2023-52477 CVE-2023-52492 CVE-2023-52497
                        CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508
                        CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515
                        CVE-2023-52517 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524
                        CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52532 CVE-2023-52564
                        CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575
                        CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52597 CVE-2023-52605
                        CVE-2023-52621 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2024-25742
                        CVE-2024-26600 
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1321-1
Released:    Wed Apr 17 00:45:42 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1200599,1209635,1212514,1213456,1217987,1217988,1217989,1220237,1220251,1220320,1220340,1220366,1220411,1220413,1220439,1220443,1220445,1220466,1220478,1220482,1220484,1220486,1220487,1220790,1220831,1220833,1220836,1220839,1220840,1220843,1220870,1220871,1220872,1220878,1220879,1220885,1220898,1220918,1220920,1220921,1220926,1220927,1220929,1220932,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221048,1221055,1221058,1221077,1221276,1221551,1221553,1221725,1222073,1222619,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46936,CVE-2021-47082,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-20154,CVE-2022-4744,CVE-2022-48626,CVE-2022-48629,CVE-2022-48630,CVE-2023-28746,CVE-2023-35827,CVE-2023-52447,CVE-2023-52450,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52477,CVE-2023-52492,CVE-2023-52497,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52532,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52597,CVE-2023-52605,CVE-2023-52621,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2024-25742,CVE-2024-26600

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52513: Fixed connection failure handling  in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround  (bsc#1220251).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52567: Fixed possible Oops in  serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).

The following non-security bugs were fixed:

- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).


The following package changes have been done:

- kernel-default-5.14.21-150400.24.116.1 updated