Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-48911 (GCVE-0-2022-48911)
Vulnerability from cvelistv5 – Published: 2024-08-22 01:31 – Updated: 2026-05-11 18:49
VLAI
EPSS
Title
netfilter: nf_queue: fix possible use-after-free
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_queue: fix possible use-after-free
Eric Dumazet says:
The sock_hold() side seems suspect, because there is no guarantee
that sk_refcnt is not already 0.
On failure, we cannot queue the packet and need to indicate an
error. The packet will be dropped by the caller.
v2: split skb prefetch hunk into separate change
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
271b72c7fa82c2c7a795bc16896149933110672d , < 21b27b2baa27423286e9b8d3f0b194d587083d95
(git)
Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < ef97921ccdc243170fcef857ba2a17cf697aece5 (git) Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 34dc4a6a7f261736ef7183868a5bddad31c7f9e3 (git) Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 43c25da41e3091b31a906651a43e80a2719aa1ff (git) Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < 4d05239203fa38ea8a6f31e228460da4cb17a71a (git) Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < dd648bd1b33a828f62befa696b206c688da0ec43 (git) Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee (git) Affected: 271b72c7fa82c2c7a795bc16896149933110672d , < c3873070247d9e3c7a6b0cf9bf9b45e8018427b1 (git) |
|
| Linux | Linux |
Affected:
2.6.29
Unaffected: 0 , < 2.6.29 (semver) Unaffected: 4.9.305 , ≤ 4.9.* (semver) Unaffected: 4.14.270 , ≤ 4.14.* (semver) Unaffected: 4.19.233 , ≤ 4.19.* (semver) Unaffected: 5.4.183 , ≤ 5.4.* (semver) Unaffected: 5.10.104 , ≤ 5.10.* (semver) Unaffected: 5.15.27 , ≤ 5.15.* (semver) Unaffected: 5.16.13 , ≤ 5.16.* (semver) Unaffected: 5.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:34:00.950489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:02.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_queue.h",
"net/netfilter/nf_queue.c",
"net/netfilter/nfnetlink_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21b27b2baa27423286e9b8d3f0b194d587083d95",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "ef97921ccdc243170fcef857ba2a17cf697aece5",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "34dc4a6a7f261736ef7183868a5bddad31c7f9e3",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "43c25da41e3091b31a906651a43e80a2719aa1ff",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "4d05239203fa38ea8a6f31e228460da4cb17a71a",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "dd648bd1b33a828f62befa696b206c688da0ec43",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
},
{
"lessThan": "c3873070247d9e3c7a6b0cf9bf9b45e8018427b1",
"status": "affected",
"version": "271b72c7fa82c2c7a795bc16896149933110672d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_queue.h",
"net/netfilter/nf_queue.c",
"net/netfilter/nfnetlink_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.305",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.183",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.104",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.305",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.270",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.233",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.183",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.104",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.27",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.13",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:49:33.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95"
},
{
"url": "https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5"
},
{
"url": "https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3"
},
{
"url": "https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff"
},
{
"url": "https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a"
},
{
"url": "https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43"
},
{
"url": "https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee"
},
{
"url": "https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1"
}
],
"title": "netfilter: nf_queue: fix possible use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48911",
"datePublished": "2024-08-22T01:31:07.463Z",
"dateReserved": "2024-08-21T06:06:23.294Z",
"dateUpdated": "2026-05-11T18:49:33.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-48911",
"date": "2026-06-07",
"epss": "0.00021",
"percentile": "0.06097"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.6.29\", \"versionEndExcluding\": \"4.9.305\", \"matchCriteriaId\": \"C3F18B92-FE18-47E9-A7F2-16F95AB41486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.10\", \"versionEndExcluding\": \"4.14.270\", \"matchCriteriaId\": \"51C0B6F2-A904-4FE6-B06B-CE26226B22B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.15\", \"versionEndExcluding\": \"4.19.233\", \"matchCriteriaId\": \"B59A7E33-6262-458E-AC76-E8CC4E812344\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.183\", \"matchCriteriaId\": \"76A7616E-E6B9-4A7F-AA7C-1D47F774215F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.104\", \"matchCriteriaId\": \"764998FC-D1F7-4BAA-BD56-A553C7AB8F08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.27\", \"matchCriteriaId\": \"B3A8E092-3021-4A34-8DCE-B89D2238818B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"5.16.13\", \"matchCriteriaId\": \"B871B667-EDC0-435D-909E-E918D8D90995\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6E34B23-78B4-4516-9BD8-61B33F4AC49A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2D2677C-5389-4AE9-869D-0F881E80D923\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFA3917C-C322-4D92-912D-ECE45B2E7416\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED18363-5ABC-4639-8BBA-68E771E5BB3F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nf_queue: fix possible use-after-free\\n\\nEric Dumazet says:\\n The sock_hold() side seems suspect, because there is no guarantee\\n that sk_refcnt is not already 0.\\n\\nOn failure, we cannot queue the packet and need to indicate an\\nerror. The packet will be dropped by the caller.\\n\\nv2: split skb prefetch hunk into separate change\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_queue: corrige posible use-after-free Eric Dumazet dice: El lado sock_hold() parece sospechoso, porque no hay garant\\u00eda de que sk_refcnt no sea ya 0. En caso de falla, No podemos poner en cola el paquete y necesitamos indicar un error. La persona que llama descartar\\u00e1 el paquete. v2: dividir el fragmento de captaci\\u00f3n previa de skb en un cambio separado\"}]",
"id": "CVE-2022-48911",
"lastModified": "2024-09-12T13:24:58.060",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-08-22T02:15:05.483",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48911\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-22T02:15:05.483\",\"lastModified\":\"2024-09-12T13:24:58.060\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nf_queue: fix possible use-after-free\\n\\nEric Dumazet says:\\n The sock_hold() side seems suspect, because there is no guarantee\\n that sk_refcnt is not already 0.\\n\\nOn failure, we cannot queue the packet and need to indicate an\\nerror. The packet will be dropped by the caller.\\n\\nv2: split skb prefetch hunk into separate change\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_queue: corrige posible use-after-free Eric Dumazet dice: El lado sock_hold() parece sospechoso, porque no hay garant\u00eda de que sk_refcnt no sea ya 0. En caso de falla, No podemos poner en cola el paquete y necesitamos indicar un error. La persona que llama descartar\u00e1 el paquete. v2: dividir el fragmento de captaci\u00f3n previa de skb en un cambio separado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.29\",\"versionEndExcluding\":\"4.9.305\",\"matchCriteriaId\":\"C3F18B92-FE18-47E9-A7F2-16F95AB41486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.14.270\",\"matchCriteriaId\":\"51C0B6F2-A904-4FE6-B06B-CE26226B22B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.233\",\"matchCriteriaId\":\"B59A7E33-6262-458E-AC76-E8CC4E812344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.183\",\"matchCriteriaId\":\"76A7616E-E6B9-4A7F-AA7C-1D47F774215F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.104\",\"matchCriteriaId\":\"764998FC-D1F7-4BAA-BD56-A553C7AB8F08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.27\",\"matchCriteriaId\":\"B3A8E092-3021-4A34-8DCE-B89D2238818B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.13\",\"matchCriteriaId\":\"B871B667-EDC0-435D-909E-E918D8D90995\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6E34B23-78B4-4516-9BD8-61B33F4AC49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D2677C-5389-4AE9-869D-0F881E80D923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFA3917C-C322-4D92-912D-ECE45B2E7416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED18363-5ABC-4639-8BBA-68E771E5BB3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48911\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:34:00.950489Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:12.865Z\"}}], \"cna\": {\"title\": \"netfilter: nf_queue: fix possible use-after-free\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"21b27b2baa27423286e9b8d3f0b194d587083d95\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"ef97921ccdc243170fcef857ba2a17cf697aece5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"34dc4a6a7f261736ef7183868a5bddad31c7f9e3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"43c25da41e3091b31a906651a43e80a2719aa1ff\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"4d05239203fa38ea8a6f31e228460da4cb17a71a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"dd648bd1b33a828f62befa696b206c688da0ec43\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"271b72c7fa82c2c7a795bc16896149933110672d\", \"lessThan\": \"c3873070247d9e3c7a6b0cf9bf9b45e8018427b1\", \"versionType\": \"git\"}], \"programFiles\": [\"include/net/netfilter/nf_queue.h\", \"net/netfilter/nf_queue.c\", \"net/netfilter/nfnetlink_queue.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.29\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.29\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.9.305\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.270\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.233\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.183\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.104\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.27\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.16.*\"}, {\"status\": \"unaffected\", \"version\": \"5.17\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"include/net/netfilter/nf_queue.h\", \"net/netfilter/nf_queue.c\", \"net/netfilter/nfnetlink_queue.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95\"}, {\"url\": \"https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5\"}, {\"url\": \"https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3\"}, {\"url\": \"https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff\"}, {\"url\": \"https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a\"}, {\"url\": \"https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43\"}, {\"url\": \"https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee\"}, {\"url\": \"https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nf_queue: fix possible use-after-free\\n\\nEric Dumazet says:\\n The sock_hold() side seems suspect, because there is no guarantee\\n that sk_refcnt is not already 0.\\n\\nOn failure, we cannot queue the packet and need to indicate an\\nerror. The packet will be dropped by the caller.\\n\\nv2: split skb prefetch hunk into separate change\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.305\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.270\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.233\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.183\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.104\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.27\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.16.13\", \"versionStartIncluding\": \"2.6.29\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.17\", \"versionStartIncluding\": \"2.6.29\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T18:49:33.112Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-48911\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T18:49:33.112Z\", \"dateReserved\": \"2024-08-21T06:06:23.294Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-08-22T01:31:07.463Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2025:0942-1
Vulnerability from csaf_suse - Published: 2025-03-19 11:33 - Updated: 2025-03-19 11:33Summary
Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-942,SUSE-SLE-Module-Live-Patching-15-SP3-2025-942
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-942,SUSE-SLE-Module-Live-Patching-15-SP3-2025-942",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0942-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0942-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250942-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0942-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020546.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227751",
"url": "https://bugzilla.suse.com/1227751"
},
{
"category": "self",
"summary": "SUSE Bug 1228017",
"url": "https://bugzilla.suse.com/1228017"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47261 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-03-19T11:33:56Z",
"generator": {
"date": "2025-03-19T11:33:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0942-1",
"initial_release_date": "2025-03-19T11:33:56Z",
"revision_history": [
{
"date": "2025-03-19T11:33:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-preempt-18-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-preempt-18-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-preempt-18-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix initializing CQ fragments buffer\n\nThe function init_cq_frag_buf() can be called to initialize the current CQ\nfragments buffer cq-\u003ebuf, or the temporary cq-\u003eresize_buf that is filled\nduring CQ resize operation.\n\nHowever, the offending commit started to use function get_cqe() for\ngetting the CQEs, the issue with this change is that get_cqe() always\nreturns CQEs from cq-\u003ebuf, which leads us to initialize the wrong buffer,\nand in case of enlarging the CQ we try to access elements beyond the size\nof the current cq-\u003ebuf and eventually hit a kernel panic.\n\n [exception RIP: init_cq_frag_buf+103]\n [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib]\n [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core]\n [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt]\n [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt]\n [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt]\n [ffff9f799ddcbec8] kthread at ffffffffa66c5da1\n [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd\n\nFix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that\ntakes the correct source buffer as a parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47261",
"url": "https://www.suse.com/security/cve/CVE-2021-47261"
},
{
"category": "external",
"summary": "SUSE Bug 1224954 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1224954"
},
{
"category": "external",
"summary": "SUSE Bug 1227751 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1227751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2021-47261"
},
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0943-1
Vulnerability from csaf_suse - Published: 2025-03-19 11:34 - Updated: 2025-03-19 11:34Summary
Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
Patchnames: SUSE-2025-936,SUSE-2025-943,SUSE-SLE-Module-Live-Patching-15-SP3-2025-943
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-936,SUSE-2025-943,SUSE-SLE-Module-Live-Patching-15-SP3-2025-943",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0943-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0943-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250943-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0943-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020548.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227656",
"url": "https://bugzilla.suse.com/1227656"
},
{
"category": "self",
"summary": "SUSE Bug 1227751",
"url": "https://bugzilla.suse.com/1227751"
},
{
"category": "self",
"summary": "SUSE Bug 1228017",
"url": "https://bugzilla.suse.com/1228017"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47261 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47496 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-03-19T11:34:03Z",
"generator": {
"date": "2025-03-19T11:34:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0943-1",
"initial_release_date": "2025-03-19T11:34:03Z",
"revision_history": [
{
"date": "2025-03-19T11:34:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix initializing CQ fragments buffer\n\nThe function init_cq_frag_buf() can be called to initialize the current CQ\nfragments buffer cq-\u003ebuf, or the temporary cq-\u003eresize_buf that is filled\nduring CQ resize operation.\n\nHowever, the offending commit started to use function get_cqe() for\ngetting the CQEs, the issue with this change is that get_cqe() always\nreturns CQEs from cq-\u003ebuf, which leads us to initialize the wrong buffer,\nand in case of enlarging the CQ we try to access elements beyond the size\nof the current cq-\u003ebuf and eventually hit a kernel panic.\n\n [exception RIP: init_cq_frag_buf+103]\n [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib]\n [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core]\n [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt]\n [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt]\n [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt]\n [ffff9f799ddcbec8] kthread at ffffffffa66c5da1\n [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd\n\nFix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that\ntakes the correct source buffer as a parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47261",
"url": "https://www.suse.com/security/cve/CVE-2021-47261"
},
{
"category": "external",
"summary": "SUSE Bug 1224954 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1224954"
},
{
"category": "external",
"summary": "SUSE Bug 1227751 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1227751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2021-47261"
},
{
"cve": "CVE-2021-47496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: Fix flipped sign in tls_err_abort() calls\n\nsk-\u003esk_err appears to expect a positive value, a convention that ktls\ndoesn\u0027t always follow and that leads to memory corruption in other code.\nFor instance,\n\n [kworker]\n tls_encrypt_done(..., err=\u003cnegative error from crypto request\u003e)\n tls_err_abort(.., err)\n sk-\u003esk_err = err;\n\n [task]\n splice_from_pipe_feed\n ...\n tls_sw_do_sendpage\n if (sk-\u003esk_err) {\n ret = -sk-\u003esk_err; // ret is positive\n\n splice_from_pipe_feed (continued)\n ret = actor(...) // ret is still positive and interpreted as bytes\n // written, resulting in underflow of buf-\u003elen and\n // sd-\u003elen, leading to huge buf-\u003eoffset and bogus\n // addresses computed in later calls to actor()\n\nFix all tls_err_abort() callers to pass a negative error code\nconsistently and centralize the error-prone sign flip there, throwing in\na warning to catch future misuse and uninlining the function so it\nreally does only warn once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47496",
"url": "https://www.suse.com/security/cve/CVE-2021-47496"
},
{
"category": "external",
"summary": "SUSE Bug 1225354 for CVE-2021-47496",
"url": "https://bugzilla.suse.com/1225354"
},
{
"category": "external",
"summary": "SUSE Bug 1227656 for CVE-2021-47496",
"url": "https://bugzilla.suse.com/1227656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2021-47496"
},
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0944-1
Vulnerability from csaf_suse - Published: 2025-03-19 12:04 - Updated: 2025-03-19 12:04Summary
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-944,SUSE-2025-948,SUSE-SLE-Module-Live-Patching-15-SP3-2025-944
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-944,SUSE-2025-948,SUSE-SLE-Module-Live-Patching-15-SP3-2025-944",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0944-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0944-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250944-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0944-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020558.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228017",
"url": "https://bugzilla.suse.com/1228017"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-03-19T12:04:27Z",
"generator": {
"date": "2025-03-19T12:04:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0944-1",
"initial_release_date": "2025-03-19T12:04:27Z",
"revision_history": [
{
"date": "2025-03-19T12:04:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0950-1
Vulnerability from csaf_suse - Published: 2025-03-19 13:34 - Updated: 2025-03-19 13:34Summary
Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-947,SUSE-2025-950,SUSE-2025-951,SUSE-SLE-Module-Live-Patching-15-SP4-2025-950,SUSE-SLE-Module-Live-Patching-15-SP5-2025-951
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-947,SUSE-2025-950,SUSE-2025-951,SUSE-SLE-Module-Live-Patching-15-SP4-2025-950,SUSE-SLE-Module-Live-Patching-15-SP5-2025-951",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0950-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0950-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250950-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0950-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020556.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231196",
"url": "https://bugzilla.suse.com/1231196"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE Bug 1235452",
"url": "https://bugzilla.suse.com/1235452"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56648 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56648/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2025-03-19T13:34:04Z",
"generator": {
"date": "2025-03-19T13:34:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0950-1",
"initial_release_date": "2025-03-19T13:34:04Z",
"revision_history": [
{
"date": "2025-03-19T13:34:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-6-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T13:34:04Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T13:34:04Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T13:34:04Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T13:34:04Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-56648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56648",
"url": "https://www.suse.com/security/cve/CVE-2024-56648"
},
{
"category": "external",
"summary": "SUSE Bug 1235451 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235451"
},
{
"category": "external",
"summary": "SUSE Bug 1235452 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_111-default-14-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_49-default-16-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T13:34:04Z",
"details": "important"
}
],
"title": "CVE-2024-56648"
}
]
}
WID-SEC-W-2024-1898
Vulnerability from csaf_certbund - Published: 2024-08-21 22:00 - Updated: 2025-06-04 22:00Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect Plus
|
cpe:/a:ibm:spectrum_protect_plus:10.1
|
10.1 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
References
112 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1898 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1898.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1898 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1898"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4j2g-pw4f-5hg9 vom 2024-08-21",
"url": "https://github.com/advisories/GHSA-4j2g-pw4f-5hg9"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f2cf-vg85-495f vom 2024-08-21",
"url": "https://github.com/advisories/GHSA-f2cf-vg85-495f"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48905 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082212-CVE-2022-48905-4c70@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48908 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082213-CVE-2022-48908-27ec@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48909 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082214-CVE-2022-48909-9726@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48910 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082214-CVE-2022-48910-a749@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48911 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082215-CVE-2022-48911-45bc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48912 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082215-CVE-2022-48912-3f55@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48913 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082215-CVE-2022-48913-94d0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48914 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082216-CVE-2022-48914-97e1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48927 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082221-CVE-2022-48927-392a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48928 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082221-CVE-2022-48928-bd61@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48929 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48930 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48930-9bda@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48931 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48931-ec5b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48932 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082223-CVE-2022-48932-9dc7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48933 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082223-CVE-2022-48933-6ebb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48934 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082224-CVE-2022-48934-6f50@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48935 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082224-CVE-2022-48935-7aa2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48936 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082224-CVE-2022-48936-9302@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48937 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082225-CVE-2022-48937-d289@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48938 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082225-CVE-2022-48938-4501@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48939 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082226-CVE-2022-48939-ff01@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48940 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082226-CVE-2022-48940-da55@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48941 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082226-CVE-2022-48941-32f7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48942 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082227-CVE-2022-48942-ca91@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2022-48943 vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/2024082227-CVE-2022-48943-8e11@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcements vom 2024-08-21",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6979-1 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6979-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3195-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019407.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3194-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019400.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3190-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3189-1 vom 2024-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019404.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12610 vom 2024-09-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-12610.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12618 vom 2024-09-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-12618.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3209-1 vom 2024-09-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNWVZVIFSX7PLBJX3I3PDZ4MIBERTN2Y/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12611 vom 2024-09-11",
"url": "https://linux.oracle.com/errata/ELSA-2024-12611.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12612 vom 2024-09-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-12612.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3225-1 vom 2024-09-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019432.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3227-1 vom 2024-09-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019430.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3251-1 vom 2024-09-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019435.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3252-1 vom 2024-09-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019436.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3249-1 vom 2024-09-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019438.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3383-1 vom 2024-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019497.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3408-1 vom 2024-09-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TGC7PQ5QNGEZWYIHCKH2KPZMGYJ4VN6B/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3467-1 vom 2024-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019532.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3499-1 vom 2024-09-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019536.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3547-1 vom 2024-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019566.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3566-1 vom 2024-10-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019578.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3569-1 vom 2024-10-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6GBL67LQ3MUSYQCQRQH2AZH3XWILTO5A/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3565-1 vom 2024-10-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019573.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3559-1 vom 2024-10-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019575.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3567-1 vom 2024-10-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019577.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3563-1 vom 2024-10-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019579.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3592-1 vom 2024-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019589.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3585-1 vom 2024-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019586.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3591-1 vom 2024-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019587.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3587-1 vom 2024-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019588.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12779 vom 2024-10-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-12779.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8856 vom 2024-11-05",
"url": "https://access.redhat.com/errata/RHSA-2024:8856"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8870 vom 2024-11-05",
"url": "https://access.redhat.com/errata/RHSA-2024:8870"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8856 vom 2024-11-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-8856.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:8870 vom 2024-11-08",
"url": "https://errata.build.resf.org/RLSA-2024:8870"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9315"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7121-1 vom 2024-11-20",
"url": "https://ubuntu.com/security/notices/USN-7121-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7122-1 vom 2024-11-20",
"url": "https://ubuntu.com/security/notices/USN-7122-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7121-2 vom 2024-11-20",
"url": "https://ubuntu.com/security/notices/USN-7121-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10262 vom 2024-11-26",
"url": "https://access.redhat.com/errata/RHSA-2024:10262"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7121-3 vom 2024-11-25",
"url": "https://ubuntu.com/security/notices/USN-7121-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7148-1 vom 2024-12-10",
"url": "https://ubuntu.com/security/notices/USN-7148-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7159-1 vom 2024-12-12",
"url": "https://ubuntu.com/security/notices/USN-7159-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7159-2 vom 2024-12-18",
"url": "https://ubuntu.com/security/notices/USN-7166-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7159-2 vom 2024-12-17",
"url": "https://ubuntu.com/security/notices/USN-7159-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7159-2 vom 2024-12-18",
"url": "https://ubuntu.com/security/notices/USN-7159-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7159-4 vom 2024-12-20",
"url": "https://ubuntu.com/security/notices/USN-7159-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7159-5 vom 2025-01-06",
"url": "https://ubuntu.com/security/notices/USN-7159-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7195-1 vom 2025-01-09",
"url": "https://ubuntu.com/security/notices/USN-7195-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7195-2 vom 2025-01-14",
"url": "https://ubuntu.com/security/notices/USN-7195-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0455-1 vom 2025-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020321.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0487-1 vom 2025-02-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QIBJK3XANPM2U6AEOTGJ27N3L472DCRE/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0486-1 vom 2025-02-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XWFV7VUE5TX6GKXVI46R6ZIDRFEXHKUZ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0489-1 vom 2025-02-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OCZ53J3OQFQB3VZIF7V6BL32FWNAV3CH/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0462-1 vom 2025-02-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CNVHBWUSJZEY34QR6GDPRY55WG3UIDSL/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0449-1 vom 2025-02-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020322.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0465-1 vom 2025-02-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IZBNMZ4JWAINQUJYDC5JJYGAKWUST46Z/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0462-1 vom 2025-02-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CNVHBWUSJZEY34QR6GDPRY55WG3UIDSL/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0892-1 vom 2025-03-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020526.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0893-1 vom 2025-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020534.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0897-1 vom 2025-03-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LA4OPTWWYEP2ZCDY5VK3PVS6P2FHDCPO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0898-1 vom 2025-03-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SUPADNIG6CVSVE3GIECLRHDQFDH5YSSB/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0916-1 vom 2025-03-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3G6SX3PAUJQY5KBBE7N7QVZMCC5RMLLM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0903-1 vom 2025-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020537.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0904-1 vom 2025-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020536.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0906-1 vom 2025-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020539.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0917-1 vom 2025-03-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4QSDDY3MMRA6J6OVKONDM3ZBWSDU7FXC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0908-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020545.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0920-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020553.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0944-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020558.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0942-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020546.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0927-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0950-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020556.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0943-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020548.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229443 vom 2025-03-28",
"url": "https://www.ibm.com/support/pages/node/7229443"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7233232 vom 2025-05-13",
"url": "https://www.ibm.com/support/pages/node/7233232"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01620-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020867.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01640-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020861.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20028-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021386.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20044-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021334.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-06-04T22:00:00.000+00:00",
"generator": {
"date": "2025-06-05T06:14:31.808+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-1898",
"initial_release_date": "2024-08-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-08-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-09-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-08T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-05T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-10T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2024-12-10T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-12-22T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-01-06T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-01-09T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-01-14T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-18T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "35"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "on Cloud Pak for Data",
"product": {
"name": "IBM DB2 on Cloud Pak for Data",
"product_id": "T042208",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:on_cloud_pak_for_data"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"branches": [
{
"category": "product_version",
"name": "10.1",
"product": {
"name": "IBM Spectrum Protect Plus 10.1",
"product_id": "T043600",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T029677",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4441",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2021-4441"
},
{
"cve": "CVE-2022-48901",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48901"
},
{
"cve": "CVE-2022-48902",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48902"
},
{
"cve": "CVE-2022-48903",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48903"
},
{
"cve": "CVE-2022-48904",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48904"
},
{
"cve": "CVE-2022-48905",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48905"
},
{
"cve": "CVE-2022-48906",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48906"
},
{
"cve": "CVE-2022-48907",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48907"
},
{
"cve": "CVE-2022-48908",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48908"
},
{
"cve": "CVE-2022-48909",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48909"
},
{
"cve": "CVE-2022-48910",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48910"
},
{
"cve": "CVE-2022-48911",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2022-48912",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48912"
},
{
"cve": "CVE-2022-48913",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48913"
},
{
"cve": "CVE-2022-48914",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48914"
},
{
"cve": "CVE-2022-48915",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48915"
},
{
"cve": "CVE-2022-48916",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48916"
},
{
"cve": "CVE-2022-48917",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48917"
},
{
"cve": "CVE-2022-48918",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48918"
},
{
"cve": "CVE-2022-48919",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48919"
},
{
"cve": "CVE-2022-48920",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48920"
},
{
"cve": "CVE-2022-48921",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48921"
},
{
"cve": "CVE-2022-48922",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48922"
},
{
"cve": "CVE-2022-48923",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48923"
},
{
"cve": "CVE-2022-48924",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48924"
},
{
"cve": "CVE-2022-48925",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48925"
},
{
"cve": "CVE-2022-48926",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48926"
},
{
"cve": "CVE-2022-48927",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48927"
},
{
"cve": "CVE-2022-48928",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48928"
},
{
"cve": "CVE-2022-48929",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48929"
},
{
"cve": "CVE-2022-48930",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48930"
},
{
"cve": "CVE-2022-48931",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48931"
},
{
"cve": "CVE-2022-48932",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48932"
},
{
"cve": "CVE-2022-48933",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48933"
},
{
"cve": "CVE-2022-48934",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48934"
},
{
"cve": "CVE-2022-48935",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48935"
},
{
"cve": "CVE-2022-48936",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48936"
},
{
"cve": "CVE-2022-48937",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48937"
},
{
"cve": "CVE-2022-48938",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48938"
},
{
"cve": "CVE-2022-48939",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48939"
},
{
"cve": "CVE-2022-48940",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48940"
},
{
"cve": "CVE-2022-48941",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48941"
},
{
"cve": "CVE-2022-48942",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48942"
},
{
"cve": "CVE-2022-48943",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2022-48943"
},
{
"cve": "CVE-2024-37353",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2024-37353"
},
{
"cve": "CVE-2024-42143",
"product_status": {
"known_affected": [
"T043600",
"T002207",
"67646",
"T000126",
"T042208",
"T004914",
"T029677",
"T032255"
]
},
"release_date": "2024-08-21T22:00:00.000+00:00",
"title": "CVE-2024-42143"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…