ISHACK AI BOT

Oracle Linux: CVE-2024-38608: ELSA-2024-5928:kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/07/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED. In the below case, the above leads to NULL-ptr Oops[1] and memory leaks: mlx5e_probe _mlx5e_resume mlx5e_attach_netdev mlx5e_nic_enable<-- netdev not reg, not calling netif_device_attach() register_netdev <-- failed for some reason. ERROR_FLOW: _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :( Hence, clean resources in this case as well. [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0010 [#1] SMP CPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:0x0 Code: Unable to access opcode bytes at0xffffffffffffffd6. RSP: 0018:ffff888178aaf758 EFLAGS: 00010246 Call Trace: <TASK> ? __die+0x20/0x60 ? page_fault_oops+0x14c/0x3c0 ? exc_page_fault+0x75/0x140 ? asm_exc_page_fault+0x22/0x30 notifier_call_chain+0x35/0xb0 blocking_notifier_call_chain+0x3d/0x60 mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core] mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core] mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib] mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib] __mlx5_ib_add+0x34/0xd0 [mlx5_ib] mlx5r_probe+0xe1/0x210 [mlx5_ib] ? auxiliary_match_id+0x6a/0x90 auxiliary_bus_probe+0x38/0x80 ? driver_sysfs_add+0x51/0x80 really_probe+0xc9/0x3e0 ? driver_probe_device+0x90/0x90 __driver_probe_device+0x80/0x160 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 bus_for_each_drv+0x80/0xd0 __device_attach+0xbc/0x1f0 bus_probe_device+0x86/0xa0 device_add+0x637/0x840 __auxiliary_device_add+0x3b/0xa0 add_adev+0xc9/0x140 [mlx5_core] mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core] mlx5_register_device+0x53/0xa0 [mlx5_core] mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core] mlx5_init_one+0x3b/0x60 [mlx5_core] probe_one+0x44c/0x730 [mlx5_core] local_pci_probe+0x3e/0x90 pci_device_probe+0xbf/0x210 ? kernfs_create_link+0x5d/0xa0 ? sysfs_do_create_link_sd+0x60/0xc0 really_probe+0xc9/0x3e0 ? driver_probe_device+0x90/0x90 __driver_probe_device+0x80/0x160 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 bus_for_each_drv+0x80/0xd0 __device_attach+0xbc/0x1f0 pci_bus_add_device+0x54/0x80 pci_iov_add_virtfn+0x2e6/0x320 sriov_enable+0x208/0x420 mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core] sriov_numvfs_store+0xae/0x1a0 kernfs_fop_write_iter+0x10c/0x1a0 vfs_write+0x291/0x3c0 ksys_write+0x5f/0xe0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 CR2: 0000000000000000 ---[ end trace 0000000000000000]--- Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2024-38608 CVE - 2024-38608 ELSA-2024-5928 ELSA-2024-8856

Huawei EulerOS: CVE-2021-47609: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2021-47609 CVE - 2021-47609 EulerOS-SA-2024-2418

Debian: CVE-2024-38544: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a seg fault.This has been observed infrequently in testing at high scale. This patch fixes this by changing the order of enqueuing the packet until after the counter is accessed. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-38544 CVE - 2024-38544

SUSE: CVE-2024-38587: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/10/2024 Added 07/10/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values.This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got out of bounds. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-38587 CVE - 2024-38587

Oracle Linux: CVE-2024-38601: ELSA-2024-6997:kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the operation is successful, old->list.next->prev gets updated too. This means the underlying doubly-linked list is temporarily inconsistent, page->prev->next or page->next->prev might not be equal back to page for some page in the ring buffer. The resize operation in ring_buffer_resize() can be invoked in parallel. It calls rb_check_pages() which can detect the described inconsistency and stop further tracing: [190.271762] ------------[ cut here ]------------ [190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0 [190.271789] Modules linked in: [...] [190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1 [190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: GE6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f [190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014 [190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0 [190.272023] Code: [...] [190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206 [190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80 [190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700 [190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000 [190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720 [190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000 [190.272053] FS:00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000 [190.272057] CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0 [190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [190.272077] Call Trace: [190.272098]<TASK> [190.272189]ring_buffer_resize+0x2ab/0x460 [190.272199]__tracing_resize_ring_buffer.part.0+0x23/0xa0 [190.272206]tracing_resize_ring_buffer+0x65/0x90 [190.272216]tracing_entries_write+0x74/0xc0 [190.272225]vfs_write+0xf5/0x420 [190.272248]ksys_write+0x67/0xe0 [190.272256]do_syscall_64+0x82/0x170 [190.272363]entry_SYSCALL_64_after_hwframe+0x76/0x7e [190.272373] RIP: 0033:0x7f1bd657d263 [190.272381] Code: [...] [190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263 [190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001 [190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000 [190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500 [190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002 [190.272412]</TASK> [190.272414] ---[ end trace 0000000000000000 ]--- Note that ring_buffer_resize() calls rb_check_pages() only if the parent trace_buffer has recording disabled. Recent commit d78ab792705c ("tracing: Stop current tracer when resizing buffer") causes that it is now always the case which makes it more likely to experience this issue. The window to hit this race is nonetheless very small. To help reproducing it, one can add a delay loop in rb_get_reader_page(): ret = rb_head_page_replace(reader, cpu_buffer->reader_page); if (!ret) goto spin; for (unsigned i = 0; i < 1U << 26; i++)/* inserted delay loop */ __asm__ __volatile__ ("" : : : "memory"); rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list; .. ---truncated--- Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-38601 CVE - 2024-38601 ELSA-2024-6997 ELSA-2024-12581 ELSA-2024-12584 ELSA-2024-12585 ELSA-2024-12611

Red Hat: CVE-2024-5953: 389-ds-base: Malformed userPassword hash may cause Denial of Service (Multiple Advisories) Severity 6 CVSS (AV:A/AC:L/Au:S/C:N/I:N/A:C) Published 06/18/2024 Created 07/20/2024 Added 07/19/2024 Modified 09/13/2024 Description A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Solution(s) redhat-upgrade-389-ds-base redhat-upgrade-389-ds-base-debuginfo redhat-upgrade-389-ds-base-debugsource redhat-upgrade-389-ds-base-devel redhat-upgrade-389-ds-base-legacy-tools redhat-upgrade-389-ds-base-legacy-tools-debuginfo redhat-upgrade-389-ds-base-libs redhat-upgrade-389-ds-base-libs-debuginfo redhat-upgrade-389-ds-base-snmp redhat-upgrade-389-ds-base-snmp-debuginfo redhat-upgrade-python3-lib389 References CVE-2024-5953 RHSA-2024:4633 RHSA-2024:5192 RHSA-2024:5690 RHSA-2024:6569

Red Hat: CVE-2024-36974: kernel: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:C) Published 06/18/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-36974 RHSA-2024:9315

FreeBSD: VID-007E7E77-2F06-11EF-8A0F-A8A1599412C6 (CVE-2024-6102): chromium -- multiple security fixes Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/18/2024 Created 06/24/2024 Added 06/21/2024 Modified 01/28/2025 Description Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2024-6102

Red Hat: CVE-2024-36977: kernel: usb: dwc3: Wait unconditionally after issuing EndXfer command (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/18/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-36977 RHSA-2024:9315

Rocky Linux: CVE-2024-5953: 389-ds-1.4 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 08/23/2024 Added 08/22/2024 Modified 11/18/2024 Description A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Solution(s) rocky-upgrade-389-ds-base rocky-upgrade-389-ds-base-debuginfo rocky-upgrade-389-ds-base-debugsource rocky-upgrade-389-ds-base-devel rocky-upgrade-389-ds-base-legacy-tools rocky-upgrade-389-ds-base-legacy-tools-debuginfo rocky-upgrade-389-ds-base-libs rocky-upgrade-389-ds-base-libs-debuginfo rocky-upgrade-389-ds-base-snmp rocky-upgrade-389-ds-base-snmp-debuginfo References https://attackerkb.com/topics/cve-2024-5953 CVE - 2024-5953 https://errata.rockylinux.org/RLSA-2024:5192 https://errata.rockylinux.org/RLSA-2024:6569

Oracle Linux: CVE-2024-36974: ELSA-2024-12610: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:C) Published 06/18/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-36974 CVE - 2024-36974 ELSA-2024-12610 ELSA-2024-12618 ELSA-2024-12612

Moodle: Cross-Site Request Forgery (CSRF) (CVE-2024-38276) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/18/2024 Created 08/13/2024 Added 08/12/2024 Modified 01/28/2025 Description Incorrect CSRF token checks resulted in multiple CSRF risks. Solution(s) moodle-upgrade-4_1_10 moodle-upgrade-4_2_8 moodle-upgrade-4_3_5 References https://attackerkb.com/topics/cve-2024-38276 CVE - 2024-38276 https://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/ https://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/ https://moodle.org/mod/forum/discuss.php?d=459501

SUSE: CVE-2024-36977: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 07/23/2024 Added 07/23/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-36977 CVE - 2024-36977

SUSE: CVE-2024-5953: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 08/16/2024 Added 08/15/2024 Modified 11/18/2024 Description A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Solution(s) suse-upgrade-389-ds suse-upgrade-389-ds-devel suse-upgrade-389-ds-snmp suse-upgrade-lib389 suse-upgrade-libsvrcore0 References https://attackerkb.com/topics/cve-2024-5953 CVE - 2024-5953

vCenter Sudo Privilege Escalation Disclosed 06/18/2024 Created 12/05/2024 Description VMware vCenter Server < 7.0.3 update R and < 8.0.2 update D contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. Tested against VMware vCenter Server Appliance 8.0.0.10000 20519528 Author(s) h00die Matei "Mal" Badanoiu Platform Linux Architectures x86, x64 Development Source Code History

SUSE: CVE-2024-36975: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 07/10/2024 Added 07/10/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-36975 CVE - 2024-36975

Debian: CVE-2024-5953: 389-ds-base -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 01/23/2025 Added 01/21/2025 Modified 01/21/2025 Description A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Solution(s) debian-upgrade-389-ds-base References https://attackerkb.com/topics/cve-2024-5953 CVE - 2024-5953 DLA-4021-1

Ubuntu: (Multiple Advisories) (CVE-2024-36974): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 09/13/2024 Added 09/12/2024 Modified 10/02/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0-1062-ibm ubuntu-upgrade-linux-image-5-15-0-1062-raspi ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1064-nvidia ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1066-gke ubuntu-upgrade-linux-image-5-15-0-1066-kvm ubuntu-upgrade-linux-image-5-15-0-1067-oracle ubuntu-upgrade-linux-image-5-15-0-1068-gcp ubuntu-upgrade-linux-image-5-15-0-1069-aws ubuntu-upgrade-linux-image-5-15-0-1072-azure ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde ubuntu-upgrade-linux-image-5-15-0-121-generic ubuntu-upgrade-linux-image-5-15-0-121-generic-64k ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae ubuntu-upgrade-linux-image-5-15-0-121-lowlatency ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1043-iot ubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1079-ibm ubuntu-upgrade-linux-image-5-4-0-1092-bluefield ubuntu-upgrade-linux-image-5-4-0-1099-gkeop ubuntu-upgrade-linux-image-5-4-0-1116-raspi ubuntu-upgrade-linux-image-5-4-0-1120-kvm ubuntu-upgrade-linux-image-5-4-0-1131-oracle ubuntu-upgrade-linux-image-5-4-0-1132-aws ubuntu-upgrade-linux-image-5-4-0-1136-gcp ubuntu-upgrade-linux-image-5-4-0-1137-azure ubuntu-upgrade-linux-image-5-4-0-195-generic ubuntu-upgrade-linux-image-5-4-0-195-generic-lpae ubuntu-upgrade-linux-image-5-4-0-195-lowlatency ubuntu-upgrade-linux-image-6-8-0-1010-gke ubuntu-upgrade-linux-image-6-8-0-1011-raspi ubuntu-upgrade-linux-image-6-8-0-1012-ibm ubuntu-upgrade-linux-image-6-8-0-1012-oem ubuntu-upgrade-linux-image-6-8-0-1012-oracle ubuntu-upgrade-linux-image-6-8-0-1012-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1013-nvidia ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1014-azure ubuntu-upgrade-linux-image-6-8-0-1014-azure-fde ubuntu-upgrade-linux-image-6-8-0-1014-gcp ubuntu-upgrade-linux-image-6-8-0-1015-aws ubuntu-upgrade-linux-image-6-8-0-44-generic ubuntu-upgrade-linux-image-6-8-0-44-generic-64k ubuntu-upgrade-linux-image-6-8-0-44-lowlatency ubuntu-upgrade-linux-image-6-8-0-44-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-45-generic ubuntu-upgrade-linux-image-6-8-0-45-generic-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-36974 CVE - 2024-36974 USN-6999-1 USN-6999-2 USN-7003-1 USN-7003-2 USN-7003-3 USN-7003-4 USN-7003-5 USN-7004-1 USN-7005-1 USN-7005-2 USN-7006-1 USN-7007-1 USN-7007-2 USN-7007-3 USN-7008-1 USN-7009-1 USN-7009-2 USN-7019-1 USN-7029-1 View more

SUSE: CVE-2024-36974: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 08/08/2024 Added 08/08/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-36974 CVE - 2024-36974

Debian: CVE-2024-36977: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWC_usb3 controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit which allows polling CMDACT bit to know whether ENDXFER command is completed. Consider a case where an IN request was queued, and parallelly soft_disconnect was called (due to ffs_epfile_release). This eventually calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd() skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with revisions >= 310a, we don't forcefully wait for 1ms either, and we proceed by unmapping the requests. If ENDXFER didn't complete by this time, it leads to SMMU faults since the controller would still be accessing those requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in __dwc3_stop_active_transfer() unconditionally. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-36977 CVE - 2024-36977

Debian: CVE-2024-36974: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-36974 CVE - 2024-36974 DSA-5730-1

Alma Linux: CVE-2024-37891: Moderate: python-urllib3 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/17/2024 Created 07/12/2024 Added 07/11/2024 Modified 12/19/2024 Description urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations. Solution(s) alma-upgrade-fence-agents-aliyun alma-upgrade-fence-agents-all alma-upgrade-fence-agents-amt-ws alma-upgrade-fence-agents-apc alma-upgrade-fence-agents-apc-snmp alma-upgrade-fence-agents-aws alma-upgrade-fence-agents-azure-arm alma-upgrade-fence-agents-bladecenter alma-upgrade-fence-agents-brocade alma-upgrade-fence-agents-cisco-mds alma-upgrade-fence-agents-cisco-ucs alma-upgrade-fence-agents-common alma-upgrade-fence-agents-compute alma-upgrade-fence-agents-drac5 alma-upgrade-fence-agents-eaton-snmp alma-upgrade-fence-agents-emerson alma-upgrade-fence-agents-eps alma-upgrade-fence-agents-gce alma-upgrade-fence-agents-heuristics-ping alma-upgrade-fence-agents-hpblade alma-upgrade-fence-agents-ibm-powervs alma-upgrade-fence-agents-ibm-vpc alma-upgrade-fence-agents-ibmblade alma-upgrade-fence-agents-ifmib alma-upgrade-fence-agents-ilo-moonshot alma-upgrade-fence-agents-ilo-mp alma-upgrade-fence-agents-ilo-ssh alma-upgrade-fence-agents-ilo2 alma-upgrade-fence-agents-intelmodular alma-upgrade-fence-agents-ipdu alma-upgrade-fence-agents-ipmilan alma-upgrade-fence-agents-kdump alma-upgrade-fence-agents-kubevirt alma-upgrade-fence-agents-lpar alma-upgrade-fence-agents-mpath alma-upgrade-fence-agents-openstack alma-upgrade-fence-agents-redfish alma-upgrade-fence-agents-rhevm alma-upgrade-fence-agents-rsa alma-upgrade-fence-agents-rsb alma-upgrade-fence-agents-sbd alma-upgrade-fence-agents-scsi alma-upgrade-fence-agents-virsh alma-upgrade-fence-agents-vmware-rest alma-upgrade-fence-agents-vmware-soap alma-upgrade-fence-agents-wti alma-upgrade-fence-agents-zvm alma-upgrade-fence-virt alma-upgrade-fence-virtd alma-upgrade-fence-virtd-cpg alma-upgrade-fence-virtd-libvirt alma-upgrade-fence-virtd-multicast alma-upgrade-fence-virtd-serial alma-upgrade-fence-virtd-tcp alma-upgrade-ha-cloud-support alma-upgrade-python3-urllib3 alma-upgrade-python3.11-urllib3 alma-upgrade-python3.12-urllib3 alma-upgrade-resource-agents alma-upgrade-resource-agents-aliyun alma-upgrade-resource-agents-gcp alma-upgrade-resource-agents-paf References https://attackerkb.com/topics/cve-2024-37891 CVE - 2024-37891 https://errata.almalinux.org/8/ALSA-2024-5309.html https://errata.almalinux.org/8/ALSA-2024-6309.html https://errata.almalinux.org/8/ALSA-2024-6311.html https://errata.almalinux.org/8/ALSA-2024-8842.html https://errata.almalinux.org/8/ALSA-2024-8843.html https://errata.almalinux.org/9/ALSA-2024-4422.html https://errata.almalinux.org/9/ALSA-2024-6162.html https://errata.almalinux.org/9/ALSA-2024-9457.html https://errata.almalinux.org/9/ALSA-2024-9458.html View more

Amazon Linux 2023: CVE-2024-0397: Medium priority package update for python3.9 (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:P) Published 06/17/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with aconfigured certificate directory. Solution(s) amazon-linux-2023-upgrade-python3 amazon-linux-2023-upgrade-python3-11 amazon-linux-2023-upgrade-python3-11-debug amazon-linux-2023-upgrade-python3-11-debuginfo amazon-linux-2023-upgrade-python3-11-debugsource amazon-linux-2023-upgrade-python3-11-devel amazon-linux-2023-upgrade-python3-11-idle amazon-linux-2023-upgrade-python3-11-libs amazon-linux-2023-upgrade-python3-11-test amazon-linux-2023-upgrade-python3-11-tkinter amazon-linux-2023-upgrade-python3-9-debuginfo amazon-linux-2023-upgrade-python3-9-debugsource amazon-linux-2023-upgrade-python3-debug amazon-linux-2023-upgrade-python3-devel amazon-linux-2023-upgrade-python3-idle amazon-linux-2023-upgrade-python3-libs amazon-linux-2023-upgrade-python3-test amazon-linux-2023-upgrade-python3-tkinter amazon-linux-2023-upgrade-python-unversioned-command References https://attackerkb.com/topics/cve-2024-0397 CVE - 2024-0397 https://alas.aws.amazon.com/AL2023/ALAS-2024-699.html https://alas.aws.amazon.com/AL2023/ALAS-2024-788.html

Alma Linux: CVE-2024-5953: Moderate: 389-ds:1.4 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/18/2024 Created 08/14/2024 Added 08/14/2024 Modified 09/18/2024 Description A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Solution(s) alma-upgrade-389-ds-base alma-upgrade-389-ds-base-devel alma-upgrade-389-ds-base-legacy-tools alma-upgrade-389-ds-base-libs alma-upgrade-389-ds-base-snmp alma-upgrade-python3-lib389 References https://attackerkb.com/topics/cve-2024-5953 CVE - 2024-5953 https://errata.almalinux.org/8/ALSA-2024-6569.html https://errata.almalinux.org/9/ALSA-2024-5192.html

Red Hat: CVE-2024-38600: kernel: ALSA: Fix deadlocks with kctl removals at disconnection (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end.The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state.Namely: * A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem. * The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above.Since the sleeper isn't woken up, this deadlocks. An easy fix is to wake up sleepers before processing the driver disconnect callbacks but right after setting the card->shutdown flag. Then all sleepers will abort immediately, and the code flows again. So, basically this patch moves the wait_event() call at the right timing.While we're at it, just to be sure, call wait_event_all() instead of wait_event(), although we don't use exclusive events on this queue for now. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-38600 RHSA-2024:9315