SUSE Container Update Advisory: ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1904-1 Container Tags : suse/sle-micro-rancher/5.2:latest Container Release : 7.5.339 Severity : important Type : security References : 1184942 1186060 1192145 1194516 1208995 1209635 1209657 1212514 1213456 1217987 1217988 1217989 1218336 1218447 1218479 1218562 1219170 1219264 1220320 1220340 1220366 1220400 1220411 1220413 1220414 1220425 1220426 1220429 1220432 1220442 1220445 1220465 1220468 1220475 1220484 1220486 1220487 1220516 1220521 1220528 1220529 1220532 1220554 1220556 1220557 1220560 1220561 1220566 1220575 1220580 1220583 1220611 1220615 1220621 1220625 1220630 1220631 1220638 1220639 1220640 1220641 1220662 1220663 1220669 1220670 1220677 1220678 1220685 1220687 1220688 1220692 1220697 1220703 1220706 1220733 1220734 1220739 1220743 1220745 1220749 1220751 1220753 1220758 1220759 1220764 1220768 1220769 1220777 1220779 1220785 1220790 1220794 1220824 1220826 1220829 1220836 1220846 1220850 1220861 1220871 1220883 1220946 1220954 1220969 1220979 1220982 1220985 1220987 1221015 1221044 1221058 1221061 1221077 1221088 1221276 1221293 1221532 1221534 1221541 1221548 1221552 1221575 1221605 1221606 1221608 1221830 1221931 1221932 1221934 1221935 1221949 1221952 1221965 1221966 1221969 1221973 1221974 1221978 1221989 1221990 1221991 1221992 1221993 1221994 1221996 1221997 1221998 1221999 1222000 1222001 1222002 1222003 1222004 1222117 1222422 1222585 1222619 1222660 1222664 1222669 1222706 CVE-2020-36780 CVE-2020-36781 CVE-2020-36782 CVE-2020-36783 CVE-2021-23134 CVE-2021-29155 CVE-2021-46908 CVE-2021-46909 CVE-2021-46911 CVE-2021-46914 CVE-2021-46917 CVE-2021-46918 CVE-2021-46919 CVE-2021-46920 CVE-2021-46921 CVE-2021-46922 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46938 CVE-2021-46939 CVE-2021-46943 CVE-2021-46944 CVE-2021-46950 CVE-2021-46951 CVE-2021-46956 CVE-2021-46958 CVE-2021-46959 CVE-2021-46960 CVE-2021-46961 CVE-2021-46962 CVE-2021-46963 CVE-2021-46971 CVE-2021-46976 CVE-2021-46980 CVE-2021-46981 CVE-2021-46983 CVE-2021-46984 CVE-2021-46988 CVE-2021-46990 CVE-2021-46991 CVE-2021-46992 CVE-2021-46998 CVE-2021-47000 CVE-2021-47001 CVE-2021-47003 CVE-2021-47006 CVE-2021-47009 CVE-2021-47013 CVE-2021-47014 CVE-2021-47015 CVE-2021-47017 CVE-2021-47020 CVE-2021-47026 CVE-2021-47034 CVE-2021-47035 CVE-2021-47038 CVE-2021-47044 CVE-2021-47045 CVE-2021-47046 CVE-2021-47049 CVE-2021-47051 CVE-2021-47055 CVE-2021-47056 CVE-2021-47058 CVE-2021-47061 CVE-2021-47063 CVE-2021-47065 CVE-2021-47068 CVE-2021-47069 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47077 CVE-2021-47082 CVE-2021-47087 CVE-2021-47095 CVE-2021-47097 CVE-2021-47100 CVE-2021-47101 CVE-2021-47109 CVE-2021-47110 CVE-2021-47112 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47120 CVE-2021-47130 CVE-2021-47136 CVE-2021-47137 CVE-2021-47138 CVE-2021-47139 CVE-2021-47141 CVE-2021-47142 CVE-2021-47144 CVE-2021-47150 CVE-2021-47153 CVE-2021-47160 CVE-2021-47161 CVE-2021-47164 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47170 CVE-2021-47171 CVE-2021-47172 CVE-2021-47173 CVE-2021-47174 CVE-2021-47175 CVE-2021-47176 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47183 CVE-2021-47185 CVE-2021-47189 CVE-2022-0487 CVE-2022-4744 CVE-2022-48626 CVE-2023-0160 CVE-2023-1192 CVE-2023-28746 CVE-2023-35827 CVE-2023-52454 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52492 CVE-2023-52500 CVE-2023-52508 CVE-2023-52509 CVE-2023-52572 CVE-2023-52575 CVE-2023-52583 CVE-2023-52590 CVE-2023-52591 CVE-2023-52607 CVE-2023-52628 CVE-2023-6270 CVE-2023-6356 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-22099 CVE-2024-26600 CVE-2024-26614 CVE-2024-26642 CVE-2024-26704 CVE-2024-26733 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1489-1 Released: Fri May 3 09:36:22 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184942,1186060,1192145,1194516,1208995,1209635,1209657,1212514,1213456,1217987,1217988,1217989,1218336,1218447,1218479,1218562,1219170,1219264,1220320,1220340,1220366,1220400,1220411,1220413,1220414,1220425,1220426,1220429,1220432,1220442,1220445,1220465,1220468,1220475,1220484,1220486,1220487,1220516,1220521,1220528,1220529,1220532,1220554,1220556,1220557,1220560,1220561,1220566,1220575,1220580,1220583,1220611,1220615,1220621,1220625,1220630,1220631,1220638,1220639,1220640,1220641,1220662,1220663,1220669,1220670,1220677,1220678,1220685,1220687,1220688,1220692,1220697,1220703,1220706,1220733,1220734,1220739,1220743,1220745,1220749,1220751,1220753,1220758,1220759,1220764,1220768,1220769,1220777,1220779,1220785,1220790,1220794,1220824,1220826,1220829,1220836,1220846,1220850,1220861,1220871,1220883,1220946,1220954,1220969,1220979,1220982,1220985,1220987,1221015,1221044,1221058,1221061,1221077,1221088,1221276,1221293,1221532,1221534,1221541,1221548,1221552,1221575,1221605,1221606,1221608,1221830,1221931,1221932,1221934,1221935,1221949,1221952,1221965,1221966,1221969,1221973,1221974,1221978,1221989,1221990,1221991,1221992,1221993,1221994,1221996,1221997,1221998,1221999,1222000,1222001,1222002,1222003,1222004,1222117,1222422,1222585,1222619,1222660,1222664,1222669,1222706,CVE-2020-36780,CVE-2020-36781,CVE-2020-36782,CVE-2020-36783,CVE-2021-23134,CVE-2021-29155,CVE-2021-46908,CVE-2021-46909,CVE-2021-46911,CVE-2021-46914,CVE-2021-46917,CVE-2021-46918,CVE-2021-46919,CVE-2021-46920,CVE-2021-46921,CVE-2021-46922,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46938,CVE-2021-46939,CVE-2021-46943,CVE-2021-46944,CVE-2021-46950,CVE-2021-46951,CVE-2021-46956,CVE-2021-46958,CVE-2021-46959,CVE-2021-46960,CVE-2021-46961,CVE-2021-46962,CVE-2021-46963,CVE-2021-46971,CVE-2021-46976,CVE-2021-46980,CVE-2021-46981,CVE-2021-46983,CVE-2021-46984,CVE-2021-46988,CVE-2021-46990,CVE-2021-46991,CVE-2021-46992,CVE-2021-46998,CVE-2021-47000,CVE-2021-47001,CVE-2021-47003,CVE-2021-47006,CVE-2021-47009,CVE-2021-47013,CVE-2021-47014,CVE-2021-47015,CVE-2021-47017,CVE-2021-47020,CVE-2021-47026,CVE-2021-47034,CVE-2021-47035,CVE-2021-47038,CVE-2021-47044,CVE-2021-47045,CVE-2021-47046,CVE-2021-47049,CVE-2021-47051,CVE-2021-47055,CVE-2021-47056,CVE-2021-47058,CVE-2021-47061,CVE-2021-47063,CVE-2021-47065,CVE-2021-47068,CVE-2021-47069,CVE-2021-47070,CVE-2021-47071,CVE-2021-47073,CVE-2021-47077,CVE-2021-47082,CVE-2021-47087,CVE-2021-47095,CVE-2021-47097,CVE-2021-47100,CVE-2021-47101,CVE-2021-47109,CVE-2021-47110,CVE-2021-47112,CVE-2021-47114,CVE-2021-47117,CVE-2021-47118,CVE-2021-47119,CVE-2021-47120,CVE-2021-47130,CVE-2021-47136,CVE-2021-47137,CVE-2021-47138,CVE-2021-47139,CVE-2021-47141,CVE-2021-47142,CVE-2021-47144,CVE-2021-47150,CVE-2021-47153,CVE-2021-47160,CVE-2021-47161,CVE-2021-47164,CVE-2021-47165,CVE-2021-47166,CVE-2021-47167,CVE-2021-47168,CVE-2021-47169,CVE-2021-47170,CVE-2021-47171,CVE-2021-47172,CVE-2021-47173,CVE-2021-47174,CVE-2021-47175,CVE-2021-47176,CVE-2021-47177,CVE-2021-47179,CVE-2021-47180,CVE-2021-47181,CVE-2021-47183,CVE-2021-47185,CVE-2021-47189,CVE-2022-0487,CVE-2022-4744,CVE-2022-48626,CVE-2023-0160,CVE-2023-1192,CVE-2023-28746,CVE-2023-35827,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52492,CVE-2023-52500,CVE-2023-52508,CVE-2023-52509,CVE-2023-52572,CVE-2023-52575,CVE-2023-52583,CVE-2023-52590,CVE-2023-52591,CVE-2023-52607,CVE-2023-52628,CVE-2023-6270,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-22099,CVE-2024-26600,CVE-2024-26614,CVE-2024-26642,CVE-2024-26704,CVE-2024-26733 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - group-source-files.pl: Quote filenames (boo#1221077). - kernel-binary: certs: Avoid trailing space - mm: fix gup_pud_range (bsc#1220824). The following package changes have been done: - kernel-default-5.3.18-150300.59.158.1 updated