The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
-...