{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-45003: Don't evict inode under the inode lru traversing context. (bsc#1230245) \n\nThe following non-security bugs were fixed:\n\n- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'. (bsc#1230413)\n- Revert 'mm/sparsemem: fix race in accessing memory_section->usage'. (bsc#1230413)\n- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'. (bsc#1230413)\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2024-3403,SUSE-SLE-Micro-5.3-2024-3403,SUSE-SLE-Micro-5.4-2024-3403","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3403-1.json"},{"category":"self","summary":"URL for SUSE-SU-2024:3403-1","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243403-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2024:3403-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2024-September/019501.html"},{"category":"self","summary":"SUSE Bug 1230245","url":"https://bugzilla.suse.com/1230245"},{"category":"self","summary":"SUSE Bug 1230413","url":"https://bugzilla.suse.com/1230413"},{"category":"self","summary":"SUSE CVE CVE-2024-45003 page","url":"https://www.suse.com/security/cve/CVE-2024-45003/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2024-09-23T13:55:21Z","generator":{"date":"2024-09-23T13:55:21Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2024:3403-1","initial_release_date":"2024-09-23T13:55:21Z","revision_history":[{"date":"2024-09-23T13:55:21Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-rt-5.14.21-150400.15.94.1.noarch","product":{"name":"kernel-devel-rt-5.14.21-150400.15.94.1.noarch","product_id":"kernel-devel-rt-5.14.21-150400.15.94.1.noarch"}},{"category":"product_version","name":"kernel-source-rt-5.14.21-150400.15.94.1.noarch","product":{"name":"kernel-source-rt-5.14.21-150400.15.94.1.noarch","product_id":"kernel-source-rt-5.14.21-150400.15.94.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"cluster-md-kmp-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"cluster-md-kmp-rt-5.14.21-150400.15.94.1.x86_64","product_id":"cluster-md-kmp-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"dlm-kmp-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"dlm-kmp-rt-5.14.21-150400.15.94.1.x86_64","product_id":"dlm-kmp-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"gfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"gfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64","product_id":"gfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt-devel-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt-devel-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt-extra-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt-extra-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt-extra-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt-livepatch-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt-livepatch-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt-livepatch-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt-livepatch-devel-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt-livepatch-devel-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt-livepatch-devel-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt-optional-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt-optional-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt-optional-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt_debug-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt_debug-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-devel-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt_debug-devel-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt_debug-devel-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-livepatch-devel-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-rt_debug-livepatch-devel-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-rt_debug-livepatch-devel-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"kernel-syms-rt-5.14.21-150400.15.94.1.x86_64","product_id":"kernel-syms-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"kselftests-kmp-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"kselftests-kmp-rt-5.14.21-150400.15.94.1.x86_64","product_id":"kselftests-kmp-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"ocfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"ocfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64","product_id":"ocfs2-kmp-rt-5.14.21-150400.15.94.1.x86_64"}},{"category":"product_version","name":"reiserfs-kmp-rt-5.14.21-150400.15.94.1.x86_64","product":{"name":"reiserfs-kmp-rt-5.14.21-150400.15.94.1.x86_64","product_id":"reiserfs-kmp-rt-5.14.21-150400.15.94.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.3","product":{"name":"SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.4","product":{"name":"SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-rt-5.14.21-150400.15.94.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64"},"product_reference":"kernel-rt-5.14.21-150400.15.94.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-5.14.21-150400.15.94.1.noarch as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch"},"product_reference":"kernel-source-rt-5.14.21-150400.15.94.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-5.14.21-150400.15.94.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64"},"product_reference":"kernel-rt-5.14.21-150400.15.94.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-5.14.21-150400.15.94.1.noarch as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"},"product_reference":"kernel-source-rt-5.14.21-150400.15.94.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"}]},"vulnerabilities":[{"cve":"CVE-2024-45003","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-45003"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea\n 3. Then, following three processes running like this:\n\n PA PB\n echo 2 > /proc/sys/vm/drop_caches\n shrink_slab\n prune_dcache_sb\n // i_reg is added into lru, lru->i_ea->i_reg\n prune_icache_sb\n list_lru_walk_one\n inode_lru_isolate\n i_ea->i_state |= I_FREEING // set inode state\n inode_lru_isolate\n __iget(i_reg)\n spin_unlock(&i_reg->i_lock)\n spin_unlock(lru_lock)\n rm file A\n i_reg->nlink = 0\n iput(i_reg) // i_reg->nlink is 0, do evict\n ext4_evict_inode\n ext4_xattr_delete_inode\n ext4_xattr_inode_dec_ref_all\n ext4_xattr_inode_iget\n ext4_iget(i_ea->i_ino)\n iget_locked\n find_inode_fast\n __wait_on_freeing_inode(i_ea) -----> AA deadlock\n dispose_list // cannot be executed by prune_icache_sb\n wake_up_bit(&i_ea->i_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n deleting process holds BASEHD's wbuf->io_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n reclaiming process could try locking BASEHD's wbuf->io_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa\n 3. Then, following three processes running like this:\n\n PA PB PC\n echo 2 > /proc/sys/vm/drop_caches\n shrink_slab\n prune_dcache_sb\n // ib and ia are added into lru, lru->ixa->ib->ia\n prune_icache_sb\n list_lru_walk_one\n inode_lru_isolate\n ixa->i_state |= I_FREEING // set inode state\n inode_lru_isolate\n __iget(ib)\n spin_unlock(&ib->i_lock)\n spin_unlock(lru_lock)\n rm file B\n ib->nlink = 0\n rm file A\n iput(ia)\n ubifs_evict_inode(ia)\n ubifs_jnl_delete_inode(ia)\n ubifs_jnl_write_inode(ia)\n make_reservation(BASEHD) // Lock wbuf->io_mutex\n ubifs_iget(ixa->i_ino)\n iget_locked\n find_inode_fast\n __wait_on_freeing_inode(ixa)\n | iput(ib) // ib->nlink is 0, do evict\n | ubifs_evict_inode\n | ubifs_jnl_delete_inode(ib)\n v ubifs_jnl_write_inode\n ABBA deadlock <------make_reservation(BASEHD)\n dispose_list // cannot be executed by prune_icache_sb\n wake_up_bit(&ixa->i_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64","SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch","SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64","SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-45003","url":"https://www.suse.com/security/cve/CVE-2024-45003"},{"category":"external","summary":"SUSE Bug 1230245 for CVE-2024-45003","url":"https://bugzilla.suse.com/1230245"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64","SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch","SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64","SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.94.1.x86_64","SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.94.1.noarch","SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.94.1.x86_64","SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.94.1.noarch"]}],"threats":[{"category":"impact","date":"2024-09-23T13:55:21Z","details":"moderate"}],"title":"CVE-2024-45003"}]}