Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-50302 (GCVE-0-2024-50302)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-23 15:55Title
HID: core: zero-initialize the report buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
Severity
5.5 (Medium)
SSVC
Exploitation: active
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
13 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
27ce405039bfe6d3f4143415c638f56a3df77dca , < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
(git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 3f9e88f2672c4635960570ee9741778d4135ecf5 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 492015e6249fbcd42138b49de3c588d826dd9648 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 177f25d1292c7e16e1199b39c85480f7f8815552 (git) Affected: b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 (git) Affected: fe6c9b48ebc920ff21c10c50ab2729440c734254 (git) Affected: 3.10.16 , < 3.11 (semver) Affected: 3.11.5 , < 3.12 (semver) |
|
| Linux | Linux |
Affected:
3.12
Unaffected: 0 , < 3.12 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: fc0fc027-1090-4e11-9d90-8cc81af807b8
Exploited: Yes
Timestamps
First Seen: 2025-03-04
Asserted: 2025-03-04
Scope
Notes: KEV entry: Linux Kernel Use of Uninitialized Resource Vulnerability | Affected: Linux / Kernel | Description: The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-50302
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-908 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Kernel |
| Due Date | 2025-03-25 |
| Date Added | 2025-03-04 |
| Vendorproject | Linux |
| Vulnerabilityname | Linux Kernel Use of Uninitialized Resource Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:26 UTC
| Updated: 2026-02-06 07:17 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 67ae2cb9-e6df-4c70-8317-86b89c005612
Exploited: Yes
Timestamps
First Seen: 2025-03-04
Asserted: 2025-03-04
Scope
Notes: KEVIntel entry: HID: core: zero-initialize the report buffer | Affected: Linux / Linux | CVSS: 5.5 (MEDIUM) | EPSS: 0.00809 | Used in malware: unknown | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | HID: core: zero-initialize the report buffer |
| Vendor | Linux |
| Product | Linux |
| Added Date | 2025-03-04T00:00:00.000Z |
| Cvss Score | 5.5 |
| Epss Score | 0.00809 |
| Cvss Severity | MEDIUM |
| Epss Percentile | 0.5206 |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-23 14:06 UTC
| Updated: 2026-06-23 14:06 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50302",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:26.718337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:35.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00.000Z",
"value": "CVE-2024-50302 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:19.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:01:00.886Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "492015e6249fbcd42138b49de3c588d826dd9648",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"status": "affected",
"version": "b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7",
"versionType": "git"
},
{
"status": "affected",
"version": "fe6c9b48ebc920ff21c10c50ab2729440c734254",
"versionType": "git"
},
{
"lessThan": "3.11",
"status": "affected",
"version": "3.10.16",
"versionType": "semver"
},
{
"lessThan": "3.12",
"status": "affected",
"version": "3.11.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:55:02.106Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
},
{
"url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
},
{
"url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
},
{
"url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
},
{
"url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
},
{
"url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
},
{
"url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
},
{
"url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
}
],
"title": "HID: core: zero-initialize the report buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50302",
"datePublished": "2024-11-19T01:30:51.300Z",
"dateReserved": "2024-10-21T19:36:19.987Z",
"dateUpdated": "2026-05-23T15:55:02.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2024-50302",
"cwes": "[\"CWE-908\"]",
"dateAdded": "2025-03-04",
"dueDate": "2025-03-25",
"knownRansomwareCampaignUse": "Unknown",
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-50302",
"product": "Kernel",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.",
"vendorProject": "Linux",
"vulnerabilityName": "Linux Kernel Use of Uninitialized Resource Vulnerability"
},
"epss": {
"cve": "CVE-2024-50302",
"date": "2026-06-27",
"epss": "0.00809",
"percentile": "0.52285"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.12\", \"versionEndExcluding\": \"4.19.324\", \"matchCriteriaId\": \"7D982986-F7AE-4B56-8E3E-D34CE2B7AF38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.286\", \"matchCriteriaId\": \"9952C897-8A61-4D4B-9D6D-7D063E9EA15E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.230\", \"matchCriteriaId\": \"BF5B32D0-72C9-41C3-A0BB-D4946153C134\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.172\", \"matchCriteriaId\": \"88812664-4296-42AC-AE0F-ED71086C1BB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.117\", \"matchCriteriaId\": \"0DD7F755-2F6B-4707-8973-78496AD5AA8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.61\", \"matchCriteriaId\": \"630ED7EB-C97E-4435-B884-1E309E40D6F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.11.8\", \"matchCriteriaId\": \"0BD000F7-3DAD-4DD3-8906-98EA1EC67E95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F361E1D-580F-4A2D-A509-7615F73167A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F717D8-3014-4F84-8086-0124B2111379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: core: zero-initialize the report buffer\\n\\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\\nto leak kernel memory via specially-crafted report.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\\u00facleo: inicializar en cero el b\\u00fafer de informes Dado que el b\\u00fafer de informes es utilizado por todo tipo de controladores de diversas formas, vamos a inicializarlo en cero durante la asignaci\\u00f3n para asegurarnos de que nunca pueda usarse para filtrar memoria del kernel a trav\\u00e9s de un informe especialmente manipulado.\"}]",
"id": "CVE-2024-50302",
"lastModified": "2024-11-27T15:27:00.187",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-11-19T02:16:32.320",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50302\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T02:16:32.320\",\"lastModified\":\"2026-06-17T08:04:10.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: core: zero-initialize the report buffer\\n\\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\\nto leak kernel memory via specially-crafted report.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\u00facleo: inicializar en cero el b\u00fafer de informes Dado que el b\u00fafer de informes es utilizado por todo tipo de controladores de diversas formas, vamos a inicializarlo en cero durante la asignaci\u00f3n para asegurarnos de que nunca pueda usarse para filtrar memoria del kernel a trav\u00e9s de un informe especialmente manipulado.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/hid/hid-core.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"e7ea60184e1e88a3c9e437b3265cbb6439aa7e26\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"3f9e88f2672c4635960570ee9741778d4135ecf5\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"d7dc68d82ab3fcfc3f65322465da3d7031d4ab46\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"05ade5d4337867929e7ef664e7ac8e0c734f1aaf\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"1884ab3d22536a5c14b17c78c2ce76d1734e8b0b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"9d9f5c75c0c7f31766ec27d90f7a6ac673193191\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"492015e6249fbcd42138b49de3c588d826dd9648\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"27ce405039bfe6d3f4143415c638f56a3df77dca\",\"lessThan\":\"177f25d1292c7e16e1199b39c85480f7f8815552\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe6c9b48ebc920ff21c10c50ab2729440c734254\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3.10.16\",\"lessThan\":\"3.11\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.11.5\",\"lessThan\":\"3.12\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/hid/hid-core.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"3.12\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"3.12\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"4.19.324\",\"lessThanOrEqual\":\"4.19.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.4.286\",\"lessThanOrEqual\":\"5.4.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.230\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.172\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.117\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.61\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.11.8\",\"lessThanOrEqual\":\"6.11.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM RST2428P\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XCM-/XRM-/XCH-/XRH-300 family\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-03-05T04:55:26.718337Z\",\"id\":\"CVE-2024-50302\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2025-03-04\",\"cisaActionDue\":\"2025-03-25\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Linux Kernel Use of Uninitialized Resource Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6C0262-1527-4F55-8BDE-973F59FE7E1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754051AB-27D3-41CA-B2C8-79BAD48C8750\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinec_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2\",\"matchCriteriaId\":\"FA64F29A-AD82-4C61-BA69-AC9ABF9CFEF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_rst2428p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5162CF70-42A4-4CBD-BE7E-17526719138A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc316-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5A0BBD2-432C-4C37-A371-EC11A00D52D8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc319-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BBF5B37-DC44-42A1-A2D1-3D3BBE31BEEC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc324-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76572367-5EDD-438E-9682-25C243014840\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc324-4eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C044CD-DA0B-4010-BABC-83C5FB9856D8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc332:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B320F7CF-B10C-45EB-9C90-929D1559F2BF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc416-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AE4732-7607-400A-A91E-6DF461D87960\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc419-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FCDCCBC-DAEF-4068-AEE7-05C94E681A32\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc424-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CEC02B5-FCB5-4A84-8525-6554924C2F92\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc432:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26F3FFB6-C652-4A86-B335-99E135A1E46F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xch328:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"782C249B-9E3A-4434-85D6-1F69A038D829\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xcm324:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136D0CA3-725F-4D2F-9CC8-50900A6B34C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xcm328:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EC8600-BA60-4924-B884-AFAA2479148F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xcm332:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05A09417-83A6-42AC-A89E-DEFDC942DA39\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr302-32:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9466814-A230-4AC9-AB45-0E239AC6D835\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr322-12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D120370-64EE-4BA5-AE3D-0DC4BB981935\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr326-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6361663-6D4A-408D-B3CD-694988C95AB5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr326-8eec:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FFF08F-677B-448A-82E1-E76707D9E6F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr502-32:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A037C08-0764-452D-A821-8948164C480A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr522-12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"467779F9-C715-402E-9A5B-80015424B129\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0E6B7D8-3F9E-43D6-AEFE-DEE3993679C5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr524-8wg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE3879F0-02AB-4ABE-9753-BED7BA46965A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr526-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ECC2EEE-B583-45E0-AEAC-B1225CEBAA30\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67661569-6233-4C74-9C72-88BD14B257FE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E048C4A-A414-4C87-A865-4D4218AE32EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr552-12m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A806691-3F4B-46AA-9718-2F6BF0FD3D7A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xrh334:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06FA1667-965A-4119-A519-F9119B5358DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xrm334:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5FC3042-0224-45AE-B516-7934EF15DCC8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12\",\"versionEndExcluding\":\"4.19.324\",\"matchCriteriaId\":\"7D982986-F7AE-4B56-8E3E-D34CE2B7AF38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.286\",\"matchCriteriaId\":\"9952C897-8A61-4D4B-9D6D-7D063E9EA15E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.230\",\"matchCriteriaId\":\"BF5B32D0-72C9-41C3-A0BB-D4946153C134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.172\",\"matchCriteriaId\":\"88812664-4296-42AC-AE0F-ED71086C1BB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.117\",\"matchCriteriaId\":\"0DD7F755-2F6B-4707-8973-78496AD5AA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.61\",\"matchCriteriaId\":\"630ED7EB-C97E-4435-B884-1E309E40D6F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.8\",\"matchCriteriaId\":\"0BD000F7-3DAD-4DD3-8906-98EA1EC67E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-355557.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:28:19.656Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM-/XRM-/XCH-/XRH-300 family\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-355557.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T12:01:00.886Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50302\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-05T04:55:26.718337Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-03-04\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-04T00:00:00.000Z\", \"value\": \"CVE-2024-50302 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-908\", \"description\": \"CWE-908 Use of Uninitialized Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-04T13:53:13.662Z\"}}], \"cna\": {\"title\": \"HID: core: zero-initialize the report buffer\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"e7ea60184e1e88a3c9e437b3265cbb6439aa7e26\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"3f9e88f2672c4635960570ee9741778d4135ecf5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"d7dc68d82ab3fcfc3f65322465da3d7031d4ab46\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"05ade5d4337867929e7ef664e7ac8e0c734f1aaf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"1884ab3d22536a5c14b17c78c2ce76d1734e8b0b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"9d9f5c75c0c7f31766ec27d90f7a6ac673193191\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"492015e6249fbcd42138b49de3c588d826dd9648\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"27ce405039bfe6d3f4143415c638f56a3df77dca\", \"lessThan\": \"177f25d1292c7e16e1199b39c85480f7f8815552\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe6c9b48ebc920ff21c10c50ab2729440c734254\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3.10.16\", \"lessThan\": \"3.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.11.5\", \"lessThan\": \"3.12\", \"versionType\": \"semver\"}], \"programFiles\": [\"drivers/hid/hid-core.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.324\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.286\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.230\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.172\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.117\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.61\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/hid/hid-core.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26\"}, {\"url\": \"https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5\"}, {\"url\": \"https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46\"}, {\"url\": \"https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf\"}, {\"url\": \"https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b\"}, {\"url\": \"https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191\"}, {\"url\": \"https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648\"}, {\"url\": \"https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: core: zero-initialize the report buffer\\n\\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\\nto leak kernel memory via specially-crafted report.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.324\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.286\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.230\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.172\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.117\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.61\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11.8\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12\", \"versionStartIncluding\": \"3.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.10.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.11.5\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-23T15:55:02.106Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-50302\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-23T15:55:02.106Z\", \"dateReserved\": \"2024-10-21T19:36:19.987Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-11-19T01:30:51.300Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2025:0919-1
Vulnerability from csaf_suse - Published: 2025-03-19 07:34 - Updated: 2025-03-19 07:34Summary
Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
Patchnames: SUSE-2025-919,SUSE-SLE-Module-Live-Patching-15-SP6-2025-919
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-919,SUSE-SLE-Module-Live-Patching-15-SP6-2025-919",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0919-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0919-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250919-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0919-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020540.html"
},
{
"category": "self",
"summary": "SUSE Bug 1231196",
"url": "https://bugzilla.suse.com/1231196"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE Bug 1235452",
"url": "https://bugzilla.suse.com/1235452"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56648 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56648/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-03-19T07:34:10Z",
"generator": {
"date": "2025-03-19T07:34:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0919-1",
"initial_release_date": "2025-03-19T07:34:10Z",
"revision_history": [
{
"date": "2025-03-19T07:34:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T07:34:10Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T07:34:10Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T07:34:10Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-56648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56648",
"url": "https://www.suse.com/security/cve/CVE-2024-56648"
},
{
"category": "external",
"summary": "SUSE Bug 1235451 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235451"
},
{
"category": "external",
"summary": "SUSE Bug 1235452 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T07:34:10Z",
"details": "important"
}
],
"title": "CVE-2024-56648"
}
]
}
SUSE-SU-2025:0920-1
Vulnerability from csaf_suse - Published: 2025-03-19 09:33 - Updated: 2025-03-19 09:33Summary
Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-920,SUSE-2025-921,SUSE-2025-925,SUSE-2025-926,SUSE-2025-928,SUSE-2025-930,SUSE-SLE-Module-Live-Patching-15-SP4-2025-928,SUSE-SLE-Module-Live-Patching-15-SP5-2025-926
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-920,SUSE-2025-921,SUSE-2025-925,SUSE-2025-926,SUSE-2025-928,SUSE-2025-930,SUSE-SLE-Module-Live-Patching-15-SP4-2025-928,SUSE-SLE-Module-Live-Patching-15-SP5-2025-926",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0920-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0920-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250920-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0920-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020553.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231196",
"url": "https://bugzilla.suse.com/1231196"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE Bug 1235452",
"url": "https://bugzilla.suse.com/1235452"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56648 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56648/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2025-03-19T09:33:57Z",
"generator": {
"date": "2025-03-19T09:33:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0920-1",
"initial_release_date": "2025-03-19T09:33:57Z",
"revision_history": [
{
"date": "2025-03-19T09:33:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_119-default-13-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-5-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_65-default-12-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_52-default-14-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:57Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:57Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:57Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:57Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-56648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56648",
"url": "https://www.suse.com/security/cve/CVE-2024-56648"
},
{
"category": "external",
"summary": "SUSE Bug 1235451 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235451"
},
{
"category": "external",
"summary": "SUSE Bug 1235452 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_122-default-11-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_68-default-11-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:57Z",
"details": "important"
}
],
"title": "CVE-2024-56648"
}
]
}
SUSE-SU-2025:0922-1
Vulnerability from csaf_suse - Published: 2025-03-19 08:04 - Updated: 2025-03-19 08:04Summary
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228755).
Patchnames: SUSE-2025-922,SUSE-SLE-Module-Live-Patching-15-SP6-2025-922
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_17 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228755).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-922,SUSE-SLE-Module-Live-Patching-15-SP6-2025-922",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0922-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0922-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250922-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0922-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020552.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228755",
"url": "https://bugzilla.suse.com/1228755"
},
{
"category": "self",
"summary": "SUSE Bug 1231196",
"url": "https://bugzilla.suse.com/1231196"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE Bug 1235452",
"url": "https://bugzilla.suse.com/1235452"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56648 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56648/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-03-19T08:04:31Z",
"generator": {
"date": "2025-03-19T08:04:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0922-1",
"initial_release_date": "2025-03-19T08:04:31Z",
"revision_history": [
{
"date": "2025-03-19T08:04:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-42159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port-\u003ephy_mask, values larger then size of\nthis field shouldn\u0027t be allowed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42159",
"url": "https://www.suse.com/security/cve/CVE-2024-42159"
},
{
"category": "external",
"summary": "SUSE Bug 1228754 for CVE-2024-42159",
"url": "https://bugzilla.suse.com/1228754"
},
{
"category": "external",
"summary": "SUSE Bug 1228755 for CVE-2024-42159",
"url": "https://bugzilla.suse.com/1228755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T08:04:31Z",
"details": "important"
}
],
"title": "CVE-2024-42159"
},
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T08:04:31Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T08:04:31Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T08:04:31Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-56648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56648",
"url": "https://www.suse.com/security/cve/CVE-2024-56648"
},
{
"category": "external",
"summary": "SUSE Bug 1235451 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235451"
},
{
"category": "external",
"summary": "SUSE Bug 1235452 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-10-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T08:04:31Z",
"details": "important"
}
],
"title": "CVE-2024-56648"
}
]
}
SUSE-SU-2025:0924-1
Vulnerability from csaf_suse - Published: 2025-03-19 09:33 - Updated: 2025-03-19 09:33Summary
Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_231 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
Patchnames: SUSE-2025-924,SUSE-SLE-Live-Patching-12-SP5-2025-924
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_231 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-924,SUSE-SLE-Live-Patching-12-SP5-2025-924",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0924-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0924-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250924-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0924-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020551.html"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 61 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-03-19T09:33:39Z",
"generator": {
"date": "2025-03-19T09:33:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0924-1",
"initial_release_date": "2025-03-19T09:33:39Z",
"revision_history": [
{
"date": "2025-03-19T09:33:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_231-default-5-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:39Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_231-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T09:33:39Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0927-1
Vulnerability from csaf_suse - Published: 2025-03-19 10:04 - Updated: 2025-03-19 10:04Summary
Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_225 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-927,SUSE-SLE-Live-Patching-12-SP5-2025-927
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_225 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-927,SUSE-SLE-Live-Patching-12-SP5-2025-927",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0927-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0927-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250927-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0927-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020550.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-03-19T10:04:05Z",
"generator": {
"date": "2025-03-19T10:04:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0927-1",
"initial_release_date": "2025-03-19T10:04:05Z",
"revision_history": [
{
"date": "2025-03-19T10:04:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_225-default-6-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T10:04:05Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T10:04:05Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_225-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T10:04:05Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0929-1
Vulnerability from csaf_suse - Published: 2025-03-19 10:04 - Updated: 2025-03-19 10:04Summary
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.
The following security issues were fixed:
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
Patchnames: SUSE-2025-929,SUSE-SLE-Module-Live-Patching-15-SP4-2025-929
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_141 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-929,SUSE-SLE-Module-Live-Patching-15-SP4-2025-929",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0929-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0929-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250929-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0929-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020549.html"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE Bug 1235452",
"url": "https://bugzilla.suse.com/1235452"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56648 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56648/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-03-19T10:04:22Z",
"generator": {
"date": "2025-03-19T10:04:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0929-1",
"initial_release_date": "2025-03-19T10:04:22Z",
"revision_history": [
{
"date": "2025-03-19T10:04:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T10:04:22Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-56648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56648",
"url": "https://www.suse.com/security/cve/CVE-2024-56648"
},
{
"category": "external",
"summary": "SUSE Bug 1235451 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235451"
},
{
"category": "external",
"summary": "SUSE Bug 1235452 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-4-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T10:04:22Z",
"details": "important"
}
],
"title": "CVE-2024-56648"
}
]
}
SUSE-SU-2025:0942-1
Vulnerability from csaf_suse - Published: 2025-03-19 11:33 - Updated: 2025-03-19 11:33Summary
Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-942,SUSE-SLE-Module-Live-Patching-15-SP3-2025-942
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-942,SUSE-SLE-Module-Live-Patching-15-SP3-2025-942",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0942-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0942-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250942-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0942-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020546.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227751",
"url": "https://bugzilla.suse.com/1227751"
},
{
"category": "self",
"summary": "SUSE Bug 1228017",
"url": "https://bugzilla.suse.com/1228017"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47261 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-03-19T11:33:56Z",
"generator": {
"date": "2025-03-19T11:33:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0942-1",
"initial_release_date": "2025-03-19T11:33:56Z",
"revision_history": [
{
"date": "2025-03-19T11:33:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_150-preempt-18-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_150-preempt-18-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_150-preempt-18-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix initializing CQ fragments buffer\n\nThe function init_cq_frag_buf() can be called to initialize the current CQ\nfragments buffer cq-\u003ebuf, or the temporary cq-\u003eresize_buf that is filled\nduring CQ resize operation.\n\nHowever, the offending commit started to use function get_cqe() for\ngetting the CQEs, the issue with this change is that get_cqe() always\nreturns CQEs from cq-\u003ebuf, which leads us to initialize the wrong buffer,\nand in case of enlarging the CQ we try to access elements beyond the size\nof the current cq-\u003ebuf and eventually hit a kernel panic.\n\n [exception RIP: init_cq_frag_buf+103]\n [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib]\n [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core]\n [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt]\n [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt]\n [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt]\n [ffff9f799ddcbec8] kthread at ffffffffa66c5da1\n [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd\n\nFix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that\ntakes the correct source buffer as a parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47261",
"url": "https://www.suse.com/security/cve/CVE-2021-47261"
},
{
"category": "external",
"summary": "SUSE Bug 1224954 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1224954"
},
{
"category": "external",
"summary": "SUSE Bug 1227751 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1227751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2021-47261"
},
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-18-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:33:56Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0943-1
Vulnerability from csaf_suse - Published: 2025-03-19 11:34 - Updated: 2025-03-19 11:34Summary
Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
Patchnames: SUSE-2025-936,SUSE-2025-943,SUSE-SLE-Module-Live-Patching-15-SP3-2025-943
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-936,SUSE-2025-943,SUSE-SLE-Module-Live-Patching-15-SP3-2025-943",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0943-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0943-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250943-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0943-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020548.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227656",
"url": "https://bugzilla.suse.com/1227656"
},
{
"category": "self",
"summary": "SUSE Bug 1227751",
"url": "https://bugzilla.suse.com/1227751"
},
{
"category": "self",
"summary": "SUSE Bug 1228017",
"url": "https://bugzilla.suse.com/1228017"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47261 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47496 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-03-19T11:34:03Z",
"generator": {
"date": "2025-03-19T11:34:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0943-1",
"initial_release_date": "2025-03-19T11:34:03Z",
"revision_history": [
{
"date": "2025-03-19T11:34:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-default-14-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_158-preempt-14-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_153-preempt-15-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47261"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix initializing CQ fragments buffer\n\nThe function init_cq_frag_buf() can be called to initialize the current CQ\nfragments buffer cq-\u003ebuf, or the temporary cq-\u003eresize_buf that is filled\nduring CQ resize operation.\n\nHowever, the offending commit started to use function get_cqe() for\ngetting the CQEs, the issue with this change is that get_cqe() always\nreturns CQEs from cq-\u003ebuf, which leads us to initialize the wrong buffer,\nand in case of enlarging the CQ we try to access elements beyond the size\nof the current cq-\u003ebuf and eventually hit a kernel panic.\n\n [exception RIP: init_cq_frag_buf+103]\n [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib]\n [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core]\n [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt]\n [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt]\n [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt]\n [ffff9f799ddcbec8] kthread at ffffffffa66c5da1\n [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd\n\nFix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that\ntakes the correct source buffer as a parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47261",
"url": "https://www.suse.com/security/cve/CVE-2021-47261"
},
{
"category": "external",
"summary": "SUSE Bug 1224954 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1224954"
},
{
"category": "external",
"summary": "SUSE Bug 1227751 for CVE-2021-47261",
"url": "https://bugzilla.suse.com/1227751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2021-47261"
},
{
"cve": "CVE-2021-47496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: Fix flipped sign in tls_err_abort() calls\n\nsk-\u003esk_err appears to expect a positive value, a convention that ktls\ndoesn\u0027t always follow and that leads to memory corruption in other code.\nFor instance,\n\n [kworker]\n tls_encrypt_done(..., err=\u003cnegative error from crypto request\u003e)\n tls_err_abort(.., err)\n sk-\u003esk_err = err;\n\n [task]\n splice_from_pipe_feed\n ...\n tls_sw_do_sendpage\n if (sk-\u003esk_err) {\n ret = -sk-\u003esk_err; // ret is positive\n\n splice_from_pipe_feed (continued)\n ret = actor(...) // ret is still positive and interpreted as bytes\n // written, resulting in underflow of buf-\u003elen and\n // sd-\u003elen, leading to huge buf-\u003eoffset and bogus\n // addresses computed in later calls to actor()\n\nFix all tls_err_abort() callers to pass a negative error code\nconsistently and centralize the error-prone sign flip there, throwing in\na warning to catch future misuse and uninlining the function so it\nreally does only warn once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47496",
"url": "https://www.suse.com/security/cve/CVE-2021-47496"
},
{
"category": "external",
"summary": "SUSE Bug 1225354 for CVE-2021-47496",
"url": "https://bugzilla.suse.com/1225354"
},
{
"category": "external",
"summary": "SUSE Bug 1227656 for CVE-2021-47496",
"url": "https://bugzilla.suse.com/1227656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2021-47496"
},
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_153-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T11:34:03Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0944-1
Vulnerability from csaf_suse - Published: 2025-03-19 12:04 - Updated: 2025-03-19 12:04Summary
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames: SUSE-2025-944,SUSE-2025-948,SUSE-SLE-Module-Live-Patching-15-SP3-2025-944
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-944,SUSE-2025-948,SUSE-SLE-Module-Live-Patching-15-SP3-2025-944",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0944-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0944-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250944-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0944-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020558.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228017",
"url": "https://bugzilla.suse.com/1228017"
},
{
"category": "self",
"summary": "SUSE Bug 1229640",
"url": "https://bugzilla.suse.com/1229640"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48911 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-03-19T12:04:27Z",
"generator": {
"date": "2025-03-19T12:04:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0944-1",
"initial_release_date": "2025-03-19T12:04:27Z",
"revision_history": [
{
"date": "2025-03-19T12:04:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48911",
"url": "https://www.suse.com/security/cve/CVE-2022-48911"
},
{
"category": "external",
"summary": "SUSE Bug 1229633 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229633"
},
{
"category": "external",
"summary": "SUSE Bug 1229640 for CVE-2022-48911",
"url": "https://bugzilla.suse.com/1229640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2022-48911"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:04:27Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
}
]
}
SUSE-SU-2025:0946-1
Vulnerability from csaf_suse - Published: 2025-03-19 12:35 - Updated: 2025-03-19 12:35Summary
Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
Patchnames: SUSE-2025-946,SUSE-SLE-Module-Live-Patching-15-SP4-2025-946
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231196).\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235452).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-946,SUSE-SLE-Module-Live-Patching-15-SP4-2025-946",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0946-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0946-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250946-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0946-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020557.html"
},
{
"category": "self",
"summary": "SUSE Bug 1231196",
"url": "https://bugzilla.suse.com/1231196"
},
{
"category": "self",
"summary": "SUSE Bug 1231204",
"url": "https://bugzilla.suse.com/1231204"
},
{
"category": "self",
"summary": "SUSE Bug 1233679",
"url": "https://bugzilla.suse.com/1233679"
},
{
"category": "self",
"summary": "SUSE Bug 1235452",
"url": "https://bugzilla.suse.com/1235452"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46815 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56648 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56648/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-03-19T12:35:10Z",
"generator": {
"date": "2025-03-19T12:35:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0946-1",
"initial_release_date": "2025-03-19T12:35:10Z",
"revision_history": [
{
"date": "2025-03-19T12:35:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-46815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]\n\n[WHY \u0026 HOW]\nnum_valid_sets needs to be checked to avoid a negative index when\naccessing reader_wm_sets[num_valid_sets - 1].\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46815",
"url": "https://www.suse.com/security/cve/CVE-2024-46815"
},
{
"category": "external",
"summary": "SUSE Bug 1231195 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231195"
},
{
"category": "external",
"summary": "SUSE Bug 1231196 for CVE-2024-46815",
"url": "https://bugzilla.suse.com/1231196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:35:10Z",
"details": "important"
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY \u0026 HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46818",
"url": "https://www.suse.com/security/cve/CVE-2024-46818"
},
{
"category": "external",
"summary": "SUSE Bug 1231203 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231203"
},
{
"category": "external",
"summary": "SUSE Bug 1231204 for CVE-2024-46818",
"url": "https://bugzilla.suse.com/1231204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:35:10Z",
"details": "important"
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-50302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50302",
"url": "https://www.suse.com/security/cve/CVE-2024-50302"
},
{
"category": "external",
"summary": "SUSE Bug 1233491 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233491"
},
{
"category": "external",
"summary": "SUSE Bug 1233679 for CVE-2024-50302",
"url": "https://bugzilla.suse.com/1233679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:35:10Z",
"details": "important"
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-56648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56648",
"url": "https://www.suse.com/security/cve/CVE-2024-56648"
},
{
"category": "external",
"summary": "SUSE Bug 1235451 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235451"
},
{
"category": "external",
"summary": "SUSE Bug 1235452 for CVE-2024-56648",
"url": "https://bugzilla.suse.com/1235452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T12:35:10Z",
"details": "important"
}
],
"title": "CVE-2024-56648"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…